INFRA
INFRA
INFRA
New Patcher macOS ransomware offers no way to decrypt files
A newly discovered form of ransomware that targets macOS users encrypts files but because of poor coding provides no way for the files to be decrypted, according to a report published Wednesday.
Called Patcher, the ransomware is distributed via torrent files that advertise license crackers for applications such as Adobe Premiere Pro or Microsoft Office for Mac. Once installed, the software encrypts files on a victim’s computer and demands a payment in return for decrypting them. But that’s where the similarities with other forms of ransomware cease.
According to researchers at security firm ESET who discovered the ransomware last week, the ransomware lacks the code to communicate with a command-and-control server.
Traditionally ransomware sends an encryption key to the server so that those behind the ransomware can send the key to the victim once the ransom has been paid. Patcher, however, doesn’t have the means to send the key to those behind the ransomware, meaning that while a victim may pay the ransom, the crooks are unable to send through the key needed to decrypt the files even if they wanted to. If that isn’t bad enough, the encryption key generated is said to be long enough to make recovery impossible by others means such as the use of a brute-force attack to guess what the key is.
It’s not known for sure why the code base for Patcher, which is written in Apple’s Swift coding language, doesn’t complete the job. ESET speculates that the code was part of an insufficiently planned out project. Other oversights included the ransomware designer using the same bitcoin address to take payments for all users as well as using an email address provided by Mailinator, a free inbox provider that is accessible to anyone without registration or authentication to access. Those are both big no-nos when it comes to running a successful ransomware campaign.
“This new crypto-ransomware, designed specifically for macOS, is surely not a masterpiece,” ESET said. “Unfortunately, it’s still effective enough to prevent the victims accessing their own files and could cause serious damage.”
At the moment, ESET is claiming that the only software on the market able to prevent Patcher being installed is its own. Users in general are warned to be careful when downloading anything from BitTorrent sites and that they should always have a current offline backup of all their important data should they ever encounter ransomware.
Photo: Pixabay
A message from John Furrier, co-founder of SiliconANGLE:
Support our open free content by sharing and engaging with our content and community.
Join theCUBE Alumni Trust Network
Where Technology Leaders Connect, Share Intelligence & Create Opportunities
11.4k+
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.
SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
