Mac OS Ransomware Detected

1it enterprise

A new file-encrypting ransomware program targeting macOS is being distributed through BitTorrent websites. Users who fall victim to it will not be able to retrieve their files, even if they pay the ransom. It is rare to spot crypto ransomware programs for macOS. This one is just the second such program found in the wild, and it is poorly designed as well. The program is named OSX/Filecoder.E. It masquerades as a cracking tool for commercial software such as Adobe Premiere Pro CC and Microsoft Office. It appears to be written in Apple’s Swift programming language, and judging from the mistakes made, the developer is inexperienced. The malware is harder to install on newer versions of macOS and OS X because the application installer is not signed with a developer certificate issued by Apple, so users have to override the default security settings.

 

The biggest problem, though, appears to be the way this malware encrypts files. It generates a single encryption key for all files and then stores the files in a zip archive. The malware also doesn't have any ability to communicate with an external server. Without that ability, the key is destroyed before it ever reaches the attacker.