A newly discovered form of ransomware that targets macOS users encrypts files but because of poor coding provides no way for the files to be decrypted, according to a report published Wednesday.

Called Patcher, the ransomware is distributed via torrent files that advertise license crackers for applications such as Adobe Premiere Pro or Microsoft Office for Mac. Once installed, the software encrypts files on a victim’s computer and demands a payment in return for decrypting them. But that’s where the similarities with other forms of ransomware cease.

According to researchers at security firm ESET who discovered the ransomware last week, the ransomware lacks the code to communicate with a command-and-control server.

Traditionally ransomware sends an encryption key to the server so that those behind the ransomware can send the key to the victim once the ransom has been paid. Patcher, however, doesn’t have the means to send the key to those behind the ransomware, meaning that while a victim may pay the ransom, the crooks are unable to send through the key needed to decrypt the files even if they wanted to. If that isn’t bad enough, the encryption key generated is said to be long enough to make recovery impossible by others means such as the use of a brute-force attack to guess what the key is.

It’s not known for sure why the code base for Patcher, which is written in Apple’s Swift coding language, doesn’t complete the job. ESET speculates that the code was part of an  insufficiently planned out project. Other oversights included the ransomware designer using the same bitcoin address to take payments for all users as well as using an email address provided by Mailinator, a free inbox provider that is accessible to anyone without registration or authentication to access. Those are both big no-nos when it comes to running a successful ransomware campaign.

“This new crypto-ransomware, designed specifically for macOS, is surely not a masterpiece,” ESET said. “Unfortunately, it’s still effective enough to prevent the victims accessing their own files and could cause serious damage.”

At the moment, ESET is claiming that the only software on the market able to prevent Patcher being installed is its own. Users in general are warned to be careful when downloading anything from BitTorrent sites and that they should always have a current offline backup of all their important data should they ever encounter ransomware.

Photo: Pixabay