EDA2 is a successor of HiddenTear. Like HiddenTear, it was developed as an open-source project by a security researcher and published on GitHub. It was intended as "educational ransomware" and deliberately contained flaws in its encryption process that allow decryption of ransomed files.
This backfired when threat actors began modifying the HiddenTear and EDA2 source code: some modifications introduced bugs that destroyed encrypted files, others fixed the encryption flaws and made decryption without the key impossible.
2020-04-14 ⋅ Palo Alto Networks Unit 42 ⋅ Malicious Attackers Target Government and Medical Organizations With COVID-19 Themed Phishing Campaigns (Agent Tesla, EDA2)
2017-08-21 ⋅ Utku Sen Blog ⋅ I'm Sorry For Hidden Tear and EDA2
2017-01-02 ⋅ Twitter (JaromirHorejsi) ⋅ Tweet on Ransomware
2016-01-25 ⋅ Bleeping Computer ⋅ Hidden Tear Ransomware Developer Blackmailed by Malware Developers using his Code
2016-01-23 ⋅ Github (utkusen) ⋅ Github Repository of EDA2
There is no YARA signature yet.