EvilQuest, a new ransomware, has targeted macOS users who downloaded installers for popular apps via torrent files.
However, malware lab firms like Malwarebytes, have found the ransomware attached to pirated macOS software distributed mainly through torrent sites and warez forums.
EvilQuest asks victims to pay a ransom through the same static Bitcoin (BTC) address in every documented attack, as one of the first signs that EvilQuest has deployed an attack is that macOS Finder freezes. Once file encryption is complete, a text file is generated with ransom instructions.
Brett Callow, the threat analyst and ransomware expert at malware lab Emsisoft, believed that EvilQuest is unlikely to be anything other than a very small-scale threat.
“The fact that Macs have a relatively small market share means they’re not a particularly attractive target for ransomware groups and they’re unlikely to invest significant resources in targeting Mac users.”
Likewise, findings also show that the average ransom demanded by the attackers is $50 worth in BTC. Victims are usually given a deadline of 72 hours to pay.
Thus, Callow added:
“That said, a threat is a threat and it’s something Mac-users should be aware of. Thankfully, as this ransomware appears to be targeted exclusively via pirated software, it’s very easily avoided simply by not using pirated software. That holds true whether you’re a Mac user or a Windows user: pirated software and cracks are the primary distribution method for the types of ransomware that target home users.”