EvilQuest, a new ransomware, has targeted macOS users who downloaded installers for popular apps via torrent files.
#macOS #ransomware impersonating as Google Software Update program with zero detection. MD5: 522962021E383C44AFBD0BC788CF6DA3 6D1A07F57DA74F474B050228C6422790 98638D7CD7FE750B6EAB5B46FF102ABD@philofishal @patrickwardle @thomasareed pic.twitter.com/r5tkmfzmFT — Dinesh_Devadoss (@dineshdina04) June 29, 2020
However, malware lab firms like Malwarebytes, have found the ransomware attached to pirated macOS software distributed mainly through torrent sites and warez forums.
EvilQuest asks victims to pay a ransom through the same static Bitcoin (BTC) address in every documented attack, as one of the first signs that EvilQuest has deployed an attack is that macOS Finder freezes. Once file encryption is complete, a text file is generated with ransom instructions.
Brett Callow, the threat analyst and ransomware expert at malware lab Emsisoft, believed that EvilQuest is unlikely to be anything other than a very small-scale threat.
“The fact that Macs have a relatively small market share means they’re not a particularly attractive target for ransomware groups and they’re unlikely to invest significant resources in targeting Mac users.”
Likewise, findings also show that the average ransom demanded by the attackers is $50 worth in BTC. Victims are usually given a deadline of 72 hours to pay.
EvilQuest ransomware is targeting macOS users that download infected software through torrent sites https://t.co/s8uDDZmqLo — Cointelegraph (@Cointelegraph) July 1, 2020
Thus, Callow added:
“That said, a threat is a threat and it’s something Mac-users should be aware of. Thankfully, as this ransomware appears to be targeted exclusively via pirated software, it’s very easily avoided simply by not using pirated software. That holds true whether you’re a Mac user or a Windows user: pirated software and cracks are the primary distribution method for the types of ransomware that target home users.”