EduCrypt targets Windows; its method of distribution is currently unknown. Its code is based on the open-source ransomware kit Hidden Tear, and it was designed to teach victims a lesson, not to generate profit. EduCrypt targets only a small number of folders and file types and does not connect to a C2 server. It uses the password HDJ7D-HF54D-8DN7D for the files it encrypts and appends the extension .isis to those files. EduCrypt’s ransom note does not demand any payment, but it does lecture the victim on unsafe downloading practices and provides a link to a free decryption tool.