{
	"id": "3b49fbba-0133-4ab7-932d-ce69ab929765",
	"created_at": "2026-04-06T00:10:11.367263Z",
	"updated_at": "2026-04-10T03:20:37.960757Z",
	"deleted_at": null,
	"sha1_hash": "fa4412b874eb9d03d03b1f34c838ba454e569bd9",
	"title": "Hidden Tear Ransomware Developer Blackmailed by Malware Developers using his Code",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 765494,
	"plain_text": "Hidden Tear Ransomware Developer Blackmailed by Malware\r\nDevelopers using his Code\r\nBy Lawrence Abrams\r\nPublished: 2016-01-25 · Archived: 2026-04-05 21:38:04 UTC\r\nIn a post on the BleepingComputer.com forums, the developer of the Magic Ransomware infection is blackmailing the\r\nauthor of the open source Hidden Tear and EDA2 Ransomware Project. The malware developer's demands are simple; take\r\ndown the Hidden Tear project or the Magic ransomware's victims lose their decryption keys.\r\nThis past weekend we reported about the Magic ransomware, which utilized the publicly posted open source EDA2\r\nransomware project. Unfortunately, the Command and Control servers for the Magic ransomware were hosted on free web\r\nhosting sites and were deleted along with the decryption keys. When this happened, Utku Sen, the developer of the open\r\nsource Hidden Tear and EDA ransomware projects, realized making EDA2 publicly available as an educational project was\r\na mistake and pulled it from github so it couldn't be used in the future.\r\nToday, in our Magic Ransomware Support Topic, a user named jeanclaudevandan, who appears to the\r\nransomware developer, posted that they felt bad for one of the victim's who lost pictures of his newborn baby and would\r\ngive him his decryption key for free.\r\nMagic Ransomware Developer Offering Key for Free\r\nSoon after, the victim reported that they received the key and we tested that we could indeed use it to decrypt their files.\r\nLater in the day, Utku Sen posted in our forum as well stating that he would help as much as possible those who were\r\naffected by ransomware that utilized his project.  In response, the user jeanclaudevandan wrote that they would release all\r\nthe keys if Utku also took down his still visible Hidden Tear ransomware project and paid the malware developer 3 bitcoins.\r\nhttps://www.bleepingcomputer.com/news/security/hidden-tear-ransomware-developer-blackmailed-by-malware-developers-using-his-code/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/hidden-tear-ransomware-developer-blackmailed-by-malware-developers-using-his-code/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nSecond post by the Malware Developer\r\nThe reality is that this is a win-win situation. If the victim's could get their keys back and the Hidden Tear project, no matter\r\nhow vulnerable it is, out of public view, everyone would benefit. After further posting back and forth, the malware\r\ndeveloper agreed to release all of the keys if Utku would just take down the Hidden Tear program.\r\nThird post by the Malware Developer\r\nOn one hand, taking down the Hidden Tear project is in the best interests for everyone and the victim's of the magic\r\nransomware get their keys back.  On the other hand, giving into the demands of ransomware developers is never a wise\r\npolicy and may embolden malware developers to make similar threats in the future. At this point we are waiting to hear from\r\nUtku Sen about what his next move will be.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nhttps://www.bleepingcomputer.com/news/security/hidden-tear-ransomware-developer-blackmailed-by-malware-developers-using-his-code/\r\nPage 3 of 4\n\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/hidden-tear-ransomware-developer-blackmailed-by-malware-developers-using-his-code/\r\nhttps://www.bleepingcomputer.com/news/security/hidden-tear-ransomware-developer-blackmailed-by-malware-developers-using-his-code/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/hidden-tear-ransomware-developer-blackmailed-by-malware-developers-using-his-code/"
	],
	"report_names": [
		"hidden-tear-ransomware-developer-blackmailed-by-malware-developers-using-his-code"
	],
	"threat_actors": [],
	"ts_created_at": 1775434211,
	"ts_updated_at": 1775791237,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/fa4412b874eb9d03d03b1f34c838ba454e569bd9.pdf",
		"text": "https://archive.orkl.eu/fa4412b874eb9d03d03b1f34c838ba454e569bd9.txt",
		"img": "https://archive.orkl.eu/fa4412b874eb9d03d03b1f34c838ba454e569bd9.jpg"
	}
}