Security researchers have discovered that devices using macOS are vulnerable to a powerful ransomware attack.
Security company Malwarebytes has discovered that the ThiefQuest ransomware, formerly known as EvilQuest, is spread through pirated versions of popular macOS software available via torrent downloads.
Some users reported being shown a notification that informed them that their files had been encrypted and that they needed to pay the guilty party to decrypt their data.
Malwarebytes researcher Thomas Reed said that he had needed to set his system clock ahead three days and restart his network connection and computer before the malware began encrypting the test computer’s files.
“If your files get encrypted, we’re not sure how dire a situation that is,” said Reed.
“It depends on the encryption and how the keys are handled. It’s possible that further research could lead to a method for decrypting files, and it’s also possible that won’t happen.”
How to protect yourself against ThiefQuest
“The best way of avoiding the consequences of ransomware is to maintain a good set of backups,” said Reed.
“Keep at least two backup copies of all important data, and at least one should not be kept attached to your Mac at all times. (Ransomware may try to encrypt or damage backups on connected drives.)”
However, security researcher Patrick Wardle of Objective-See also highlighted that the security package he tested was unsigned, which means that macOS shows the user a warning that specifically tells them they will be exposing their computer to malware.
Therefore, users who pay attention to such cautions are likely to avoid installing the ransomware.
Additionally, Reed said that this software was very explicit in its operations.
“I don’t really understand the point of this very noisy ransomware. When I installed it for testing, every 30 seconds the computer was screaming at me, beeping at me all the time. It’s really noisy in both the literal and digital sense.”
Reed and Wardle both said that their security solutions were capable of detecting the security risk posed by this software.