win.eda2_ransom


EDA2 is a successor of HiddenTear. Just like HiddenTear it was developed as an open-source project by a security researcher and published on Github. It was meant as "educational ransomware" and purposefully had flaws in the encryption process that allow decryption of ransomed files.

This backfired when threat actors began to modify the HiddenTear and EDA2 source code. Some modifications introduced bugs that destroyed the encrypted files; others fixed the encryption flaws and made decryption without the key impossible.

2020-04-14, Palo Alto Networks Unit 42 (Adrian McCabe, Juan Cortes, Vicky Ray): Malicious Attackers Target Government and Medical Organizations With COVID-19 Themed Phishing Campaigns [Agent Tesla, EDA2]
2017-08-21, Utku Sen Blog (Utku Sen): I'm Sorry For Hidden Tear and EDA2 [EDA2, HiddenTear]
2017-01-02, Twitter (JaromirHorejsi) (Jaromír Hořejší): Tweet on Ransomware
2016-01-25, Bleeping Computer (Lawrence Abrams): Hidden Tear Ransomware Developer Blackmailed by Malware Developers using his Code [EDA2, HiddenTear]
2016-01-23, Github (utkusen) (Utku Sen): Github Repository of EDA2

There is no YARA signature yet.