Malwarebytes came across ransomware in the form of an installer for the famous Little Snitch firewall. The program is downloaded from a Russian Torrent file exchange forum. Just these words, several crimson red alarms should ring out in the face of users!
Once installed on the Mac, the ransomware software called EvilQuest has not shown any real activity. To boost it, Thomas Reed of Malwarebytes changed the system clock setting to 3 days ahead, then disconnected the Mac from the network and restarted it twice. So finally the malware got under way and started encrypting preferences files and the keychain. It then becomes impossible to connect to software. The macOS cursor changes to a beach ball when you select an encrypted file. Apps will freeze in place, just like the Finder.
Then comes the final blow: a window appears asking for a ransom, with a Read Me file to consult on the desktop. Malwarebytes specifies that it was not the direct witness of this alert. The antivirus vendor has yet to determine the level of encryption used by EvilQuest. However, their protection software is already able to get rid of it.
To avoid getting there, on the one hand, avoid downloading shady torrents from interlope forums, and also make regular backups to be able to start from a clean system.
– .
/data/photo/2020/05/12/5eba4e8c354ac.jpeg?resize=150%2C150&ssl=1)