Mac Ransomware: New 'Patcher' Attack Won't Decrypt User Files Even After Ransom Is Paid
PCs may still experience more viruses, but Apple owners can’t be as worry-free as they once were. The latest evidence comes in the form of a ransomware attack discovered by security researchers.
Dubbed Patcher, the attack has made the rounds through torrents. It poses as a workaround for licensed software like Microsoft Office for Mac 2016 and Adobe Premiere Pro CC 2017, promising to allow users to use the programs without paying for a license.
Instead, Patcher begins spreading a “readme” file throughout a number of user directories, then encrypts all of the user’s files on the device into an archive using a randomly generated, 25-character key and deletes the original files once the encryption process has run.
The “readme” files left behind inform the user that their files have been encrypted and the only way for them to regain access is by paying a ransom. The attacker demands 0.25 bitcoin (about $280) to be sent to them within seven days. The malware is supposed to decrypt the files within 24 hours of payment—or within 10 minutes if the victim pays 0.45 bitcoin.
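The behaviour described above (a note dropped into several user directories, then an archive appearing beside each original before the original is removed) lends itself to a simple behavioural check. The Python below is an added example, not code from the article or from the researchers: it flags that pattern in constructed file-activity events; the note filename README!.txt and the .crypt archive suffix are assumptions, not details reported on the page.

```python
from pathlib import PurePosixPath

# Constructed file-activity events, (path, action), in the order they happened.
# The note name and the ".crypt" suffix are hypothetical placeholders.
EVENTS = [
    ("/Users/alice/Documents/README!.txt", "create"),
    ("/Users/alice/Documents/thesis.docx.crypt", "create"),
    ("/Users/alice/Documents/thesis.docx", "delete"),
    ("/Users/alice/Pictures/README!.txt", "create"),
    ("/Users/alice/Pictures/trip.jpg.crypt", "create"),
    ("/Users/alice/Pictures/trip.jpg", "delete"),
    ("/Users/alice/Downloads/README!.txt", "create"),
    ("/Users/alice/Downloads/setup.dmg", "create"),   # benign download
]


def find_archive_then_delete(events, suffix=".crypt"):
    """Return (original, archive) pairs where an archive named after the
    original was created and the original was deleted afterwards."""
    seen_archives = set()
    hits = []
    for path, action in events:
        if action == "create" and path.endswith(suffix):
            seen_archives.add(path)
        elif action == "delete" and path + suffix in seen_archives:
            hits.append((path, path + suffix))
    return hits


def note_directories(events, note_name):
    """Directories into which a file with the ransom-note name was written."""
    return sorted({
        str(PurePosixPath(p).parent)
        for p, a in events
        if a == "create" and PurePosixPath(p).name == note_name
    })


def assess(events, note_name="README!.txt", min_note_dirs=2):
    """Flag activity as suspicious only when both signals are present:
    at least one archive-then-delete pair and the note in several directories."""
    pairs = find_archive_then_delete(events)
    dirs = note_directories(events, note_name)
    return {
        "suspicious": bool(pairs) and len(dirs) >= min_note_dirs,
        "pairs": pairs,
        "note_dirs": dirs,
    }
```

Requiring both signals keeps a single user-created archive or a lone README from tripping the check on its own.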
However, according to security researcher Marc-Etienne M.Léveillé, the ransomware is not properly coded and will not actually decrypt any of the user’s files—even if they pay the ransom.
The entire attack, according to the researcher, is pretty poorly conceived. The malware, written in Apple’s preferred programming language Swift, has a transparent background that makes it difficult to spot and cannot be reopened if the window is closed. Essentially, it’s a poorly crafted program.
That doesn’t mean it can’t be successful or cause problems for users, but thus far it has been unsuccessful. The researchers note that every instance of the attack provides the same bitcoin wallet address and publicly viewable email address, meaning they can track the transactions and messages sent between the victim and attacker.
There has yet to be any contact between the ransomware creator and a victim of the attack, and there appears to have been no payment made to decrypt files.
"This new crypto-ransomware, designed specifically for macOS, is surely not a masterpiece," Léveillé wrote. "Unfortunately, it's still effective enough to prevent victims accessing their own files and could cause serious damage."
Mac users are advised to maintain an offline backup of their data so they are not left unable to access important files in case of an attack. It is also suggested users run security software that may catch an attack before it compromises a device.
© Copyright IBTimes 2024. All rights reserved.