Home Malware Programs Ransomware Hidden-Peach Ransomware

Hidden-Peach Ransomware

Posted: January 5, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 54
First Seen: January 5, 2017
OS(es) Affected: Windows


The Hidden-Peach Ransomware is a variant of Hidden Tear, a Trojan that uses the AES encryption for preventing its victims from opening their files, such as spreadsheets or documents. Although the Hidden-Peach Ransomware targets one named directory on your hard drive exclusively, updates to this threat could allow it to lock files in other locations. Stopping the Hidden-Peach Ransomware's installation with anti-malware utilities and saving backups for emergency data recovery are the recuperation options malware experts recommend.

New Flavors of Old Enemies

The wide availability and accessibility of Hidden Tear resources are making it a meaningful name in the threat industry, both for seasoned threat actors and new ones. A recent sample from the last month of 2016 was caught by the cyber security researcher Michael Gillespie and shows how up-and-coming con artists are experimenting with this code repository for potentially harmful ends. For their part, malware experts have yet to see this new threat, the Hidden-Peach Ransomware, in any active campaigns in the wild.

The Hidden-Peach Ransomware follows the pattern of previous releases basing themselves on Hidden Tear and still uses the AES-based encryption method for locking your files. By default, Hidden Tear allows the author to isolate data for blocking it by the formats (such as 'DOC') or the directory paths. The Hidden-Peach Ransomware uses the latter by encrypting a 'desktop\hidden-gay' folder. Data in any other location should remain unaffected by this payload, making the Hidden-Peach Ransomware questionably viable for deployment, until its author makes additional updates. Currently, the Hidden-Peach Ransomware's code setup would allow it to encrypt other locations after nothing more than a straightforward change to a single line of code referencing a simple text string.

The Hidden-Peach Ransomware also generates a Windows message box object that contains what appears to be debugging information regarding the Trojan's password and the specified encryption directory. Since the Trojan is in its testing phases, malware experts find no additional information available or other information of relevance to potential victims, such as any ransom amounts for a decryption key.

Sorting Bad Fruit into the Trash

Traditional builds of Hidden Tear Trojans transfer the key needed for unlocking your files to a remote server with con artists maintaining possession of it until you pay their fee. While the Hidden-Peach Ransomware's author may never end up deploying this threat in a real campaign, the Trojan could, theoretically, block arbitrary files without giving you any recourse for recovering them. For the time being, PC users should remain careful about what names their desktop folders utilize due to their vulnerability to being targets of the Hidden-Peach Ransomware or similar file-encoding Trojans.

Like many members of the Hidden Tear family, the Hidden-Peach Ransomware is under development by an independent threat actor with no known associations to other threat campaigns. However, this Trojan's small file size makes itself suitable for distribution via spam e-mails, which could misname the attachment as a benign one (such as a package delivery notice). Malware experts find no new defenses in this threat, and conventional anti-malware protocols should catch and delete the Hidden-Peach Ransomware when availed of the opportunity.

Whether or not the Hidden-Peach Ransomware is a statement towards the gay community, its simple existence shows how new threat actors still have an interest in experimenting with Hidden Tear, potentially to the detriment of the public at large.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Hidden-Peach Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.