
Warning: a Mac-targeting ransomware detected in the wild

By Giedrius Majauskas

If you use a Mac, we have bad news for you: a new ransomware variant has been discovered that targets macOS. Most crypto-ransomware is written for Windows, so a sample built solely for Macs is a worrying sight. This variant does stand out in a couple of ways, but it also has major flaws in how it was developed.

Security analysts named this ransomware OSX/Filecoder.E. According to the published research, it is not distributed through malicious spam campaigns; its authors designed it to reach victims who are downloading from BitTorrent sites. Two fake patchers were identified as carriers of the ransomware. If you pirate software through peer-to-peer file sharing, your device can end up loaded with questionable programs: it is no secret that torrent downloads are not always what they claim to be, and you can be tricked into downloading something malicious instead of the tool you wanted.

In this case, once the user has downloaded a fake patcher, he or she will presumably run the new executable. A window then appears recommending that the user click “Start” to crack the desired application. Clicking it lets the infection begin its work, which ends with a ransom demand. Victims have their data on internal, external and network drives encrypted with a randomly generated key that the malware never hands back. After this process is finished, a file named README!.txt appears in various folders. Opening it gives information about the ransomware and demands that victims pay 0.25 BTC (about 292.02 US dollars at the time) for decryption. Victims who want their data back faster can pay 0.45 BTC (525.64 US dollars) to have their files restored within 10 minutes. Or, at least, that is what the creators of this ransomware promise.
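The file-level traces described above (ransom notes named README!.txt scattered across folders, next to files whose contents no longer look like documents) are what an incident responder would hunt for on a suspected machine. The following script is an added example written for this page, not code from the original post or from ESET: it walks a directory tree, reports every README!.txt, and flags files whose byte entropy is close to that of random data, which is how encrypted content looks. The entropy threshold, the minimum file size and the sample directory are assumptions constructed for the example; the ransomware's real file extension is not stated in the article, so the check relies on content rather than on names.

```python
"""Hunt for ransom notes and high-entropy (encrypted-looking) files.

Added example for this article; not the ransomware's code and not ESET's tooling.
The sample directory is constructed inline so the script runs offline.
"""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

NOTE_NAME = "README!.txt"   # ransom note name reported for OSX/Filecoder.E
ENTROPY_THRESHOLD = 7.5     # bits per byte; assumption: ordinary documents sit well below this
MIN_SIZE = 256              # assumption: entropy estimates on tiny files are too noisy to trust


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 is the maximum, reached by uniformly random bytes."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_encrypted(path: Path, sample_bytes: int = 65536) -> bool:
    """Encrypted (or compressed) content is near-uniform; measure a prefix of the file."""
    try:
        size = path.stat().st_size
    except OSError:
        return False
    if size < MIN_SIZE:
        return False
    with path.open("rb") as fh:
        return shannon_entropy(fh.read(sample_bytes)) >= ENTROPY_THRESHOLD


def scan_tree(root: Path) -> dict:
    """Walk root; return ransom notes and high-entropy files as sorted path lists."""
    notes, suspicious = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if name == NOTE_NAME:
                notes.append(p)
            elif looks_encrypted(p):
                suspicious.append(p)
    return {"notes": sorted(notes), "suspicious": sorted(suspicious)}


def build_sample_tree(root: Path) -> None:
    """Constructed test data: one untouched folder with a plaintext document and one
    folder hit by the ransomware (a ransom note plus a random-byte stand-in for ciphertext)."""
    (root / "clean").mkdir(parents=True)
    (root / "clean" / "notes.txt").write_text("quarterly report draft\n" * 200)
    hit = root / "Documents"
    hit.mkdir()
    (hit / NOTE_NAME).write_text("Your files are encrypted. Pay 0.25 BTC.\n")
    (hit / "thesis.docx").write_bytes(os.urandom(4096))  # stands in for an encrypted file


def main() -> None:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        result = scan_tree(root)
        for p in result["notes"]:
            print(f"ransom note : {p.relative_to(root)}")
        for p in result["suspicious"]:
            print(f"high entropy: {p.relative_to(root)}")


if __name__ == "__main__":
    main()
```

On a real machine you would point `scan_tree` at the user's home directory and at any mounted external or network volume, since the article notes those are encrypted too. Expect false positives on legitimately compressed or encrypted files (archives, JPEGs, disk images); the ransom note hits are the reliable signal, and the entropy hits tell you how far the encryption got.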

Analysts from ESET, who were the first to discover this ransomware, explain that it has a major flaw. Most ransomware families contact a command-and-control (C&C) server to register each new victim and to hand the operators the key needed for decryption. Despite its convincing ransom note, OSX/Filecoder.E gives its creators no way to help victims even if the ransom is paid: according to the researchers, it never contacts a C&C server, so the encryption key never leaves the infected machine and even the attackers themselves cannot recover the encrypted data.

Even though ransomware written specifically for Macs is a rare discovery, bear in mind that the line between safe and compromised is thin. One wrong download or one wrong visit, and your entire system can be locked by a ransomware infection. Once again, consider keeping backups of your files. If your data also lives somewhere other than your hard drive (preferably on storage that is disconnected when not in use, since this variant also encrypts external and network drives), you won't be left desperate when the original copies are encrypted.

Source: macobserver.com.
