A Turkish security expert has posted the code of fully functional ransomware on the open-source hosting site GitHub. The currently undetectable ransomware is called ‘Hidden Tear’ and contains all the features a cybercriminal can expect from modern malware.
The malware supports encryption of files with strong AES SHA256 encryption. Once the system is infected, the key is sent to a server, and the victim of the malware will see a text file on the desktop that contains information on how to get the files decrypted. The author of the malware also includes software that allows for decryption of files.
The actual code appears to be real, although we haven’t tested it. According to the expert, the code has been posted for educational purposes. Nevertheless, there’s a big chance the ransomware will pop up in new attacks.