This ransomware is based off of the open source Hidden Tear ransomware and the sample was obfuscated using Confuser. Once I was able to deobfuscate the program, it was clear that it was a very stripped down version of the Hidden Tear ransomware that was designed purely to teach the victim a lesson. It has a limited set of folders that it encrypts, a small number of targeted file extensions, and does not communicate with a Command & Control server.
EduCrypt ransomware teaches victims a lesson
Posted on Wednesday, June 29 2016 @ 13:10 CEST by Thomas De Maesschalck
A new type of educational ransomware is making the rounds. Dubbed EduCrypt, this piece of malware encrypts all your personal files, but instead of demanding a ransom, it gives the decryption key for free along with a reprimand warning you about the dangers of downloading stuff from the Internet. Full details at BleepingComputer.