In a span of one to two weeks, three new open source ransomware strains have emerged, which are based on Hidden Tear and EDA2. These new ransomware families specifically look for files related to web servers and databases, which could suggest that they are targeting businesses.
Both Hidden Tear and EDA2 are considered as the first open source ransomware created for educational purposes. However, these were quickly abused by cybercriminals. RANSOM_CRYPTEAR.B is one of the many Hidden Tear spinoffs that infect systems when users access a hacked website from Paraguay. Magic ransomware (detected as RANSOM_MEMEKAP.A), based on EDA2, came soon after CRYPTEAR.B’s discovery.
One factor that contributed to the proliferation of this ransomware type is the ease and convenience it offers to cybercriminals—they don’t have to be technically skilled to build their own ransomware from scratch. Before the source codes of Hidden Tear and EDA2 were taken down, these were publicly available and cybercriminals only had to modify the code based on their needs.