Posted on Wednesday, June 29 2016 @ 13:10 CEST by Thomas De Maesschalck
A new type of educational ransomware is making the rounds. Dubbed EduCrypt, this piece of malware encrypts all your personal files, but instead of demanding a ransom, it gives the decryption key for free along with a reprimand warning you about the dangers of downloading stuff from the Internet. Full details
at BleepingComputer.
This ransomware is based off of the open source Hidden Tear ransomware and the sample was obfuscated using Confuser. Once I was able to deobfuscate the program, it was clear that it was a very stripped down version of the Hidden Tear ransomware that was designed purely to teach the victim a lesson. It has a limited set of folders that it encrypts, a small amount of targeted file extensions, and does not communicate with a Command & Control server.
