Mac ransomware locks your files and throws away the key (if you’re a pirate)


sincity

It’s been an unfortunately busy time for Mac malware over the past couple of weeks, with matters getting worse today as a fresh ransomware threat has been discovered.

The ransomware payload is hidden in a program that goes by the name of Patcher, which is found on torrent sites and claims to be a crack (to get around needing a license key) for a couple of popular software offerings: Adobe Premiere Pro and Microsoft Office for Mac (and possibly others, as well).

ESET, the security outfit which spotted the malware, notes that it’s a crudely coded piece of work. If you fire up the Patcher program, it pops up a dialog box asking you to hit start in order to initiate the cracking process – but if you do so, it’ll proceed to encrypt all your files and demand a ransom payment.

You’ll be asked to fork out 0.25 Bitcoin in order to recover your locked-away data, which is approximately £230 ($290 or AU$370).

But will you get your files back? There’s no guarantee with ransomware, although in this case, the outcome is certain – you most definitely won’t, and paying is in fact pointless.

Out of control

ESET observes that this badly written piece of malware doesn’t contain any code whatsoever which would allow it to communicate with a command and control server, so there’s no method of sending the encryption key to the author, and equally no way for them to unlock your files.

The good news is that the Bitcoin wallet specified for payments has nothing in it, meaning nobody has paid up to the criminals behind the malware yet. Fingers crossed that remains the case.

This episode underlines the fact that downloading cracks via torrents is a very risky (and of course illegal) business. Although, despite the apparent crudeness of this effort, there could be a chance of it getting adapted and hidden inside something that looks like legitimate software in the future.

Ransomware is becoming more and more popular due to the simple fact that it allows criminals to potentially make a fast buck, using common methods such as a timer which rushes the victim into paying (threatening to destroy the decryption key for good after a time limit expires).

And evidently macOS is seen as a ripe target, as well as Windows systems. Apple's computers were first hit by ransomware almost a year ago now.

Via: Neowin
