EduCrypt targets Windows OS and the method of distribution is currently unknown. Its code is based on the open-source ransomware kit, Hidden Tear, and was designed to teach victims a lesson, not to generate profit. EduCrypt only targets a small number of folders and file types and does not connect to a C2 server. It uses the password HDJ7D-HF54D-8DN7D for the files it encrypts and appends those files with the extension .isis. EduCrypt’s ransom note does not demand any payment but it does lecture the victim on unsafe downloading practices and provides a link to a free decryption tool.

  • Bleeping Computer provides more information about EduCrypt here.
  • Although EduCrypt’s ransom note provides a link to a decryption tool, the NJCCIC recommends using the tool provided by Bleeping Computer, here, as it is a known and trustworthy source.