Ransomware is one of today’s most common digital threats. While the vast majority of ransomware you’ve read about targets users of Windows computers, criminal coders haven’t forgotten about all the folks out there using Macs.
Experts at ESET recently discovered a new strain of ransomware targeting macOS users. Called Patcher, it’s written in Apple’s own Swift programming language… though not particularly skillfully, according to ESET’s Marc-Etienne M. Léveillé. Deficiencies in the ransomware’s code appear to make it impossible for victims to recover their files.
There’s no code in Patcher that would allow it to communicate with a control server. That oversight (or omission) means that once Patcher has encrypted a victim’s files, there’s really no way to initiate a decryption sequence to restore them. “Paying the ransom in this case will not bring you back your files,” ESET notes, which is just one of the reasons security pros advise against ever paying ransomware crooks.
Protecting Yourself Against Patcher
You don’t need to be on the lookout for suspicious emails to avoid a Patcher infection. So far, Patcher isn’t being spread via a phishing campaign like most ransomware. Patcher is being distributed on torrent sites, where it’s been shared as an activation crack for either Microsoft Office 2016 or Adobe Premiere Pro CC 2017.
That’s been a popular tactic among malware distributors for years. In their quest to find a way to unlock the full version of a pricey piece of software like Office or Premiere, users aren’t always as careful as they should be when it comes to opening files they find on the Internet. They’re willing to take a leap of faith and, unfortunately, sometimes they fall flat.
Staying safe isn’t all that tricky in this particular case. If you stick to downloading apps from trusted sources like the Mac App Store — or Microsoft and Adobe if you’re looking for Office and Premiere Pro specifically — and don’t try to crack or patch them, you won’t have to worry about your Mac’s precious files being lost forever.
Source: SANS ISC SecNewsFeed @ February 24, 2017 at 08:24AM