Source Code for Cryptear Ransomware Released
Posted by: Timothy Weaver on 01/18/2016 10:14 AM
Turkey-based security researcher Utku Sen released in August 2015 the source code of Hidden Tear, a piece of file-encrypting ransomware designed for educational purposes. Knowing that his code might be used by criminals, Sen intentionally weakened the encryption in Hidden Tear so that victims could recover their files without paying the ransom.
However, criminals took the code and created Linux.Encoder, the first ransomware designed to target Linux systems. Bitdefender cracked the encryption in all versions of Linux.Encoder.
Now Trend Micro has discovered another piece of ransomware based on the Hidden Tear code, called Ransom_Cryptear.B. This piece of malware does not send an encryption key to the hacker. Sen determined that the ransomware is based on Hidden Tear Offline Edition, a version designed to work on computers that don’t have an Internet connection.
Security researcher Yonathan Klijnsma said: “There is no educational purpose for releasing source code for a piece of ransomware. Cryptographic implementations to secure files, sure, ransomware no. We have too much to deal with already, you really don't want to help anyone in that business.”
Klijnsma also pointed out that since Sen disclosed how he weakened the crypto implementation in Hidden Tear, he made it possible for malicious actors to make the changes necessary to create more efficient ransomware.
Source: Security Week