A supposedly "educational" version of HiddenTear has been found in the wild. It was discovered by security researcher Jakub Kroustek, has been provisionally dubbed "educrypt", and calls itself "HiddenTear 2.0".
The malware may come from a download on the internet, and has a very crude Skype logo for the icon, along with the filename "skypetool.exe".
The victim's files are encrypted using AES with a randomly generated password, and have the extension ".isis" appended. The ransom note is left on the desktop as "README.txt" and contains the following message:
Well hello there, seems you have a virus! Well you are going to get the decryptor which is here http://www.filedropper.com/decrypter_1 Don't Download Random bleep On The Internet A Hidden .txt File Has Been Created With The Decrypt Password! Find It!..
Fortunately, this ransomware is true to its claim, and is easily decrypted. The password will be saved to a file under My Documents called "DecryptPassword.txt".
Smart Find! Password: XXXXX-XXXXX-XXXXX
While the decrypter provided is confirmed to be non-malicious, it only searches for files with the extension ".locked", as the original HiddenTear project did.
I have updated my decrypter to be used with this variant. Simply download the decrypter at this link, and input the password from the "DecryptPassword.txt" file. I recommend running it on a test directory before trying to decrypt all files.
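A triage check for the artifacts described in this post, added here as an example and not the author's decrypter or the ransomware project's code: it looks for the ransom note, recovers the password from "DecryptPassword.txt", lists ".isis" files, and counts ".locked" files to show why the bundled decrypter finds nothing. The `Desktop`/`Documents` folder names, the function names and the sample profile are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".isis"        # appended by this variant
BUNDLED_EXT = ".locked"        # what the ransom note's decrypter looks for
NOTE_MARKER = "A Hidden .txt File Has Been Created"   # phrase from the note
PASSWORD_RE = re.compile(r"Password:\s*(\S+)")        # "Smart Find! Password: ..."

def triage(profile: Path) -> dict:
    """Collect this variant's artifacts under one user profile directory."""
    # Assumption: default folder names; adjust if Desktop/Documents are redirected.
    note = profile / "Desktop" / "README.txt"
    pw_file = profile / "Documents" / "DecryptPassword.txt"
    note_found = note.is_file() and NOTE_MARKER in note.read_text(errors="replace")
    password = None
    if pw_file.is_file():
        match = PASSWORD_RE.search(pw_file.read_text(errors="replace"))
        password = match.group(1) if match else None
    files = [p for p in profile.rglob("*") if p.is_file()]
    return {
        "note_found": note_found,
        "password": password,
        "encrypted": sorted(p for p in files if p.suffix.lower() == ENCRYPTED_EXT),
        # Files the bundled decrypter would pick up; zero explains why it does nothing.
        "bundled_tool_matches": sum(p.suffix.lower() == BUNDLED_EXT for p in files),
    }

def build_sample_profile(root: Path) -> Path:
    """Constructed sample data: a fake profile laid out as the post describes."""
    profile = root / "victim"
    (profile / "Desktop").mkdir(parents=True)
    (profile / "Documents" / "work").mkdir(parents=True)
    (profile / "Desktop" / "README.txt").write_text(
        "Well hello there, seems you have a virus! ... "
        "A Hidden .txt File Has Been Created With The Decrypt Password! Find It!..")
    (profile / "Documents" / "DecryptPassword.txt").write_text(
        "Smart Find! Password: AAAAA-BBBBB-CCCCC")   # constructed password
    (profile / "Documents" / "work" / "report.docx.isis").write_bytes(b"\x00" * 16)
    (profile / "Desktop" / "photo.jpg.ISIS").write_bytes(b"\x00" * 16)
    (profile / "Documents" / "notes.txt").write_text("untouched")
    return profile

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(build_sample_profile(Path(tmp)))
        print("ransom note:", result["note_found"], "| password:", result["password"])
        print("bundled decrypter would match:", result["bundled_tool_matches"], "files")
        for path in result["encrypted"]:
            print("encrypted:", path)
```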