Hidden Tear Offline Edition or: How I Learned to Stop Worrying and Love the Criminal Mind

29 August 2015

Although lots of people have criticized me in Reddit and Github about publishing an open source ransomware program, I was still willing to develop a new version of it. Since the first ransomware program (cryptolocker) appeared in wild, cyber criminals are always one step further than security experts. Criminals are writing malicious programs, spreading them, making profit. After then security companies takes an action. I believe that we the white hat hackers should make the first move. We should think like cyber criminals and code like them. With this practice, security companies can take precaution before criminals start to action . Maybe I'm wrong with my theory. But for now, I don't see any problem with this practice and I will continue it.

So.

While I was working on new ransomware principles after I published the hidden tear, a question appeared in my mind. What if there is a computer with full of important files and what if it has no internet or network connection. We can access it physically. But what if we were being watched, how can we execute the hidden tear and get the encryption key?

Well, I developed a solution for it. It's still simple as possible (like hidden tear) . It also follows the same principles with hidden tear. It includes some additions. The new program is called: hidden-tear-offine or: how i stop worrying and love the criminal mind

Workflow of Hidden Tear Offline

Prerequisites

Firstly, you should have a usb stick which includes:

1)exe file of hidden tear offline with pdf icon

2)a normal pdf file like hotel reservation, ticket, lecture notes (that depends on your social engineering scenario)

3)a txt file

Social Engineering Part

You should find a social engineering scenario to plug the usb to computer. For example: Excuse me sir I forget my reservation number but I have it in my usb stick, can I check it real quick?

Show Time For Hidden Tear Offline

After you plugged the usb stick, double click to hidden tear's exe file. Don't worry, the normal pdf file will be open.

Hidden tear offline creates an encryption key and saves it into the txt file which is inside your usb stick. After then it copies exe file to the computer and executes. This process will be done in seconds. After than you can unplug your usb stick (Don't forget to say "thank you sir")

Hidden tear offline will wait for some time which specified before, lets say 10 minutes. After 10 minutes it will encrypt all the target files in computer. This part is same with the original hidden tear

Demonstration Video

Technical Details and Source Codes

You can check the details and view the source code in my Github repository.