HiddenTear is an open-source ransomware project that was published online at the beginning of 2016. According to the author, HiddenTear was meant to make people more familiar with the concept of crypto-threats, and to teach them how such threats work and how to protect themselves from them. However, the author’s plan backfired when cyber crooks took advantage of the ready-to-use ransomware and began to craft their own variants, such as the WinUpdatesDisabler Ransomware, the CryForMe Ransomware and others. Today we’ll take a look at another HiddenTear variant, which asks for the ludicrous ransom sum of $40,000; as usual, the attackers demand to receive the money via a Bitcoin transaction.
‘Your Files has been encrypted with a very strong hashing algorithm using a password stored in a secure server
If your files are important to you then send us 40.000$ Bitcoin
Our bitcoin Adress is : [REDACTED]
Once we receive the bitcoin we will send you the password to decrypt your files
You can use the software named(to be find on your desktop) : The-decrypter.exe and provide the password’
The ransomware in question has been dubbed the Mora Project Ransomware by researchers, and their tests show that this threat is yet to be finished. At the moment, the Mora Project Ransomware is limited to encrypting files in a single directory, ‘%USERPROFILE%\test’. The threat does not lock files stored in other directories, so even if someone ends up running the Mora Project Ransomware on their computer, it is highly unlikely that they’ll lose any files during the attack. However, it is likely that this will change if we see a future release. It is also important to mention that the encrypted files will have their names changed to include the ‘.encrypted’ extension (e.g. ‘project.pptx’ will be renamed to ‘project.pptx.encrypted’).
The Mora Project Ransomware’s ransom note does not provide the victim with any contact details. However, it tells them to send $40,000 via a Bitcoin transaction to the address specified in the note. The full instructions will be on the desktop, in the file ‘ReadMe_Important.txt’. Even if the authors of the Mora Project Ransomware release a fully weaponized version of their file-encryption Trojan, it will still use HiddenTear’s flawed encryption algorithm. Dealing with HiddenTear variants like the Mora Project Ransomware is certainly annoying for the victim, but the good news is that free HiddenTear decryptors can help them get all their data back without paying a dime. However, it is important to remember that the decryption utility should only be run after the Mora Project Ransomware has been fully removed with the help of a credible anti-virus application.
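The on-disk traces described above (the ‘.encrypted’ suffix, the ‘test’ directory, the note and decrypter names) can be collected with a short triage script. This is an added example, not part of the original article or of any vendor tool; it assumes the Desktop folder sits at its default location under the profile, walks subdirectories of ‘test’ as a precaution, and uses a constructed sample tree for its offline run.

```python
import os
from pathlib import Path

NOTE_NAME = "ReadMe_Important.txt"      # ransom note name, from the article
DECRYPTER_NAME = "The-decrypter.exe"    # tool named in the ransom note
ENC_SUFFIX = ".encrypted"               # extension appended to locked files
TARGET_DIR = "test"                     # only directory this build encrypts


def triage_profile(profile):
    """Collect the on-disk traces described in the article under one user profile."""
    profile = Path(profile)
    desktop = profile / "Desktop"       # assumption: default Desktop location
    in_scope, out_of_scope = [], []
    for dirpath, _dirs, files in os.walk(profile):
        for name in files:
            if not name.lower().endswith(ENC_SUFFIX):
                continue
            rel = (Path(dirpath) / name).relative_to(profile)
            # 'project.pptx.encrypted' -> 'project.pptx'
            entry = (str(rel), name[: -len(ENC_SUFFIX)])
            if rel.parts[0].lower() == TARGET_DIR:
                in_scope.append(entry)
            else:
                out_of_scope.append(entry)
    return {
        "ransom_note": (desktop / NOTE_NAME).is_file(),
        "decrypter": (desktop / DECRYPTER_NAME).is_file(),
        "locked_in_test": sorted(in_scope),
        # Hits here mean a build with wider scope than the one analysed.
        "locked_elsewhere": sorted(out_of_scope),
    }


def build_sample_profile(root):
    """Constructed sample tree for an offline run; no real malware involved."""
    root = Path(root)
    (root / "Desktop").mkdir(parents=True)
    (root / "test" / "sub").mkdir(parents=True)
    (root / "Documents").mkdir()
    (root / "Desktop" / NOTE_NAME).write_text("constructed note")
    (root / "test" / "project.pptx.encrypted").write_bytes(b"\x00")
    (root / "test" / "sub" / "a.docx.encrypted").write_bytes(b"\x00")
    (root / "Documents" / "report.docx").write_text("untouched")
    return root
```

The ‘.encrypted’ suffix is generic and used by other software, so a hit only carries weight alongside the note or decrypter file; entries in `locked_in_test` give the original names to check against backups before running a HiddenTear decryptor.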