Published on February 24th, 2017
New Crypto-Ransomware Found for macOS Users
Cybersecurity firm ESET has found new ransomware called Patchers. The ransomware is written in Swift and is distributed via torrent sites.
When users download the software patchers from torrent sites, what they get is a ZIP file. The researchers found two different fake applications, one for Adobe Premiere Pro and one for Microsoft Office for Mac, which are known as Patchers.
After download, the Patcher pushes the user to click the Start button to crack the software; in reality it is ransomware. The application has the bundle identifier NULL.prova and is signed with a key that has not been signed by Apple.
Once all the files are encrypted there is code to try to null all free space on the root partition with diskutil, but the path to the tool in the malware is wrong. It tries to execute /usr/bin/diskutil, however the path to diskutil in macOS is /usr/sbin/diskutil.
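The bundle identifier reported above can be used as a simple check on downloaded applications. The following Python sketch is an added example, not code from ESET or from the original article: it walks a directory, reads each `.app` bundle's `Contents/Info.plist`, and flags any bundle whose `CFBundleIdentifier` is `NULL.prova`. The function names, the sample bundle names and the case-insensitive comparison are assumptions made for illustration.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# Bundle identifier reported on this page, lower-cased for comparison.
SUSPECT_BUNDLE_IDS = {"null.prova"}

def read_bundle_id(app_dir):
    """Return CFBundleIdentifier of an .app bundle, or None if unreadable."""
    info = Path(app_dir) / "Contents" / "Info.plist"
    try:
        with info.open("rb") as fh:
            data = plistlib.load(fh)  # accepts XML and binary plists
    except (OSError, ValueError, ExpatError):
        return None  # missing, unreadable or malformed Info.plist
    ident = data.get("CFBundleIdentifier") if isinstance(data, dict) else None
    return ident if isinstance(ident, str) else None

def scan_for_patcher(root):
    """Return [(bundle_path, bundle_id)] for bundles with a suspect identifier."""
    hits = []
    for app in sorted(Path(root).rglob("*.app")):
        if not app.is_dir():
            continue
        ident = read_bundle_id(app)
        # Case-insensitive match is a choice made here, not something the page states.
        if ident and ident.strip().lower() in SUSPECT_BUNDLE_IDS:
            hits.append((str(app), ident))
    return hits

def make_sample_bundle(root, name, bundle_id, fmt=plistlib.FMT_XML):
    """Build a constructed, empty .app skeleton holding only an Info.plist."""
    contents = Path(root) / name / "Contents"
    contents.mkdir(parents=True)
    with (contents / "Info.plist").open("wb") as fh:
        plistlib.dump({"CFBundleIdentifier": bundle_id}, fh, fmt=fmt)
    return contents.parent

if __name__ == "__main__":
    # Constructed sample data: two fake bundles in a temporary directory.
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_bundle(tmp, "Sample Patcher.app", "NULL.prova")
        make_sample_bundle(tmp, "Editor.app", "com.example.editor", plistlib.FMT_BINARY)
        for path, ident in scan_for_patcher(tmp):
            print(f"suspect bundle: {path} (CFBundleIdentifier={ident})")
```

On a Mac, `scan_for_patcher` can be pointed at a downloads or applications folder instead of the temporary directory used here.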
No Decryption Process Available
The problem with this ransomware is that there is no way to decrypt a victim’s files. Even paying the ransom cannot bring back your files.
This new crypto-ransomware, designed specifically for macOS, is surely not a masterpiece. Unfortunately, it’s still effective enough to prevent the victims accessing their own files and could cause serious damage.
Our suggestion: don’t use torrent sites to download any crack or patch, as it might contain ransomware.