Swift-based ransomware targets Mac pirated software seekers

Wednesday, February 22, 2017

A new ransomware for Macs has been discovered. It is "poorly coded" in the Swift programming language. It encrypts your files and demands payment to get them back. In the end, regardless of whether you pay or not, your files will not be decrypted.

The ransomware is found on BitTorrent sites under the name Patcher. It poses as a crack for removing the copy protection and licensing systems used by popular software such as Adobe Premiere Pro and Microsoft Office 2016. It may also be circulating under different names.

When you launch the "patcher", the malware opens a window telling you to press the "start" button to crack/patch the software. If you press the start button, you have passed the point of no return. It starts encrypting files throughout your computer in an archive with a randomly generated 25-character key, and deleting the original files. It puts a Readme file in each directory explaining that you must pay 0.25 bitcoin to unlock your files. While it claims files will be decrypted within 24 hours of the ransom payment, another option to pay 0.45 bitcoin is also offered, touting decryption within ten minutes.

The worst part of this whole experience is that even if you pay the ransom, you will never be able to decrypt your files. They are lost. The lesson here: do not download things you don't trust, and don't trust software from BitTorrent sites. Stay away from pirated software.