macOS Ransomware – May Permanently Encrypt Files

Security researcher ESET has found a new mac operating system ransomware. This ransomware is downloadable via bit torrent websites. This software is called "Patcher" and is used to pirate popular software.

These torrents found in wild included a zip file. However, this zip file is not really pirated software. This software is actually ransomware.

Once a "Start" button is clicked your files are then encrypted. A random twenty five character encryption key is generated. Your original files are deleted and replaced with these encrypted ones.

All files under a "Users" and "Volumes" directory are encrypted. A email address and bitcoin address are included in a README file. This file warns a user that all data is encrypted and can be unlocked with a payment.

However, ESET points out that there is no way for these files to get their encryption reversed. ESET recommends that you not pay a ransom fee, if you are a victim of this ransomware.

Leave a Comment

Leave a Reply