ESET researchers have named the new ransomware for MacOS systems OSX Filecoder.E. It spreads through BitTorrent websites, and users who fall into its trap cannot recover their files even if they pay the ransom. ESET researchers note that the ransomware is very poorly designed.
OSX Filecoder.E is disguised as a cracking tool for commercial software such as Adobe Premiere Pro CC or Microsoft Office for Mac. It is written in Apple's Swift language, and judging by the multiple mistakes in its implementation, its developer appears to be inexperienced. The installer is not signed with a developer certificate issued by Apple, which is why it is very difficult to get the malware running on recent OS X and MacOS versions: Gatekeeper blocks unsigned applications by default.
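As an added defensive check that is not part of the ESET write-up, the shell function below asks Gatekeeper (`spctl`) and `codesign` about a downloaded app bundle before it is opened, which is exactly the test an unsigned "cracking tool" like this one fails. It assumes a Mac with the standard `spctl` and `codesign` tools and a hypothetical bundle path.

```shell
#!/bin/sh
# Added example (not from the original article): pre-launch signature check for a
# downloaded macOS app bundle. Assumes macOS `spctl` and `codesign` are installed.

# Turn spctl's verdict text ("<path>: accepted" / "<path>: rejected") into a word.
# Exit status: 0 accepted, 1 rejected, 2 unrecognised output.
classify_assessment() {
    case "$1" in
        *": accepted"*) echo "accepted"; return 0 ;;
        *": rejected"*) echo "rejected"; return 1 ;;
        *)              echo "unknown";  return 2 ;;
    esac
}

# Assess an app bundle with Gatekeeper and print its signing identity, if any.
# Usage: check_bundle /path/to/Downloaded.app   (hypothetical path)
check_bundle() {
    bundle="$1"
    [ -e "$bundle" ] || { echo "no such path: $bundle" >&2; return 2; }
    if ! command -v spctl >/dev/null 2>&1; then
        echo "spctl not available (not running on macOS?)" >&2
        return 2
    fi
    # spctl prints its verdict to stderr, so capture both streams.
    verdict=$(spctl --assess --type execute --verbose=4 "$bundle" 2>&1)
    classify_assessment "$verdict"
    rc=$?
    # Show who signed the bundle; an unsigned one has no Authority= lines at all.
    codesign -dv --verbose=2 "$bundle" 2>&1 \
        | grep -E '^(Authority|Identifier|TeamIdentifier)=' \
        || echo "no Apple-issued signature found"
    return $rc
}
```

A rejected verdict or a missing Authority line is the cue to delete the download rather than bypass Gatekeeper for it.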
Another flaw is that it generates a single encryption key for all the files, stores them in encrypted ZIP archives, and has no ability to communicate with an external server. The key therefore never reaches the attacker before it is destroyed. This means that even if the user pays the ransom by following the hackers' instructions (usually placed in a README!.txt file), the user will not get their data or files back.
The encryption itself appears to be strong and cannot be broken by other means. "The random ZIP password is generated with arc4random_uniform which is considered a secure random number generator. The key is also too long to brute force in a reasonable amount of time," researchers from ESET wrote in a blog post on Wednesday.
Even if OSX Filecoder.E appears to be the work of an inexperienced attacker, it still shows that MacOS remains a target for ransomware developers. Better safe than sorry, we say! Stay safe!