Cyber-crooks have used the open-source code of the EDA2 ransomware to create the Magic ransomware strain, which has been spotted in real-life attacks against users in the past few days.
This is the second time this has happened: the open-sourced code of the Hidden Tear ransomware was also deployed in live attacks around two weeks ago via the RANSOM_CRYPTEAR.B ransomware family.
No happy ending for Magic ransomware victims
The creator of both projects is Turkish security researcher Utku Sen, who says that both Hidden Tear and EDA2 were published only for educational purposes.
For RANSOM_CRYPTEAR.B victims, the story had a happy ending, as Utku Sen revealed that he purposely left an encryption flaw in the ransomware's code, which other security researchers used to help out ransomware victims.
However, there is no happy ending for Magic ransomware victims, who currently have no way of recovering their files, even if they pay the ransom. More on this later.
How Magic ransomware works