Thursday 23 February 2017

New Crypto-Ransomware Malware Found For MacOS User


Cyber security firm ESET has found new ransomware called Patchers. It is written in Swift and distributed via torrent sites.

When users try to download software patchers from torrent sites, the download contains a ZIP file. The researchers found two different fake applications, posing as patchers for Adobe Premiere Pro and Microsoft Office for Mac, which are known as Patchers.

After download, the Patcher tries to get the user to click the Start button to crack the software, but it is actually ransomware. The application has the bundle identifier NULL.prova and is signed with a key that has not been signed by Apple.

Clicking the Start button launches the encryption process. It copies a file called README!.txt all around the user's directories, such as "Documents" and "Photos". Then the ransomware generates a random 25-character string to use as the key to encrypt the files. The same key is used for all the files, which are enumerated with the find command line tool; the zip tool is then used to store each file in an encrypted archive.

Once all the files are encrypted there is code to try to null all free space on the root partition with diskutil, but the path to the tool in the malware is wrong. It tries to execute /usr/bin/diskutil, however the path to diskutil in macOS is /usr/sbin/diskutil.
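The behaviours described above (README!.txt copied into several directories, repeated zip runs that create encrypted archives, and an attempt to run the non-existent /usr/bin/diskutil) can be turned into a simple detection rule. The following is an added example, not code from ESET or from this post; the event format, the thresholds, the assumption that telemetry records attempted executions, and the use of zip's standard encryption options as a signal are all assumptions made for illustration.

```python
import shlex
from collections import defaultdict

# Info-ZIP options that request an encrypted archive (assumed signal).
ENCRYPT_FLAGS = {"-e", "--encrypt", "-P", "--password"}

# Constructed sample events, not real telemetry: "<actor pid> <exec|write> <detail>"
SAMPLE_EVENTS = """\
412 exec /usr/bin/find /Users/alice -type f
412 write /Users/alice/Documents/README!.txt
412 write /Users/alice/Photos/README!.txt
412 exec /usr/bin/zip -P PLACEHOLDERKEY /Users/alice/Documents/a.doc.zip /Users/alice/Documents/a.doc
412 exec /usr/bin/zip -P PLACEHOLDERKEY /Users/alice/Documents/b.xls.zip /Users/alice/Documents/b.xls
412 exec /usr/bin/zip -P PLACEHOLDERKEY /Users/alice/Photos/c.jpg.zip /Users/alice/Photos/c.jpg
412 exec /usr/bin/diskutil
900 exec /usr/bin/zip -e /Users/bob/backup.zip /Users/bob/notes.txt
900 write /Users/bob/project/README.txt
900 exec /usr/sbin/diskutil list
"""

def detect(events, min_zips=3, min_note_dirs=2):
    """Return {pid: sorted indicator names} for processes matching the behaviours."""
    zips, note_dirs, hits = defaultdict(int), defaultdict(set), defaultdict(set)
    for line in events.splitlines():
        if not line.strip():
            continue
        pid, kind, detail = line.split(None, 2)
        if kind == "write":
            folder, _, name = detail.rpartition("/")
            if name == "README!.txt":          # note file name given in the article
                note_dirs[pid].add(folder)
        elif kind == "exec":
            argv = shlex.split(detail)
            if argv[0] == "/usr/bin/diskutil":  # wrong path; real tool is /usr/sbin/diskutil
                hits[pid].add("diskutil-wrong-path")
            elif argv[0].endswith("/zip") and ENCRYPT_FLAGS & set(argv[1:]):
                zips[pid] += 1
    for pid, count in zips.items():
        if count >= min_zips:                   # one encrypted archive alone is normal use
            hits[pid].add("bulk-encrypted-zip")
    for pid, dirs in note_dirs.items():
        if len(dirs) >= min_note_dirs:          # same note dropped in several directories
            hits[pid].add("ransom-note-spread")
    return {pid: sorted(found) for pid, found in hits.items()}

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

The second process in the sample (pid 900) shows ordinary use of the same tools and is not flagged.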

No Decryption Process Available

The problem with this ransomware is that there is no way to decrypt a victim's files. Even paying the ransom will not bring the files back.


This new crypto-ransomware, designed specifically for macOS, is surely not a masterpiece. Unfortunately, it’s still effective enough to prevent the victims accessing their own files and could cause serious damage.

Our suggestion: don't use torrent sites to download any crack or patch, as it might contain ransomware.

Image source: ESET

