The latest macOS ransomware is here – and it’s hiding in plain sight

Mac owners are being warned to be vigilant as a new strain of ransomware threatens Apple’s macOS.

Circulated via torrent and warez websites, the ‘Patcher’ malware disguises itself as a crack to get free access to expensive programs like Adobe Premiere Pro, Microsoft Office and others.

When the files are opened and executed, a window pops up with no background and a prompt to ‘Start’ in order to crack the program in question.


Clicking ‘Start’ begins the encryption process, which locks up all the computer’s files behind a 25-character encryption key. It also alters every file name so that it has a ‘.crypt’ extension and changes the last modified date for all files to February 13, 2010.

When the deed is done, a README file explains that it will cost 0.25 bitcoin to unlock the files, which is around £229 at today’s exchange rate.

From there the plot thickens. It’s reported that because Patcher doesn’t upload the encryption keys to a Command & Control (C&C) server, it’s not actually possible for the creator to decrypt the files.

Therefore, even if you were to pay the ransom, the files are likely to be lost forever.

As a result, anyone affected by ransomware is encouraged not to pay the ransom to unlock files. Instead, it’s recommended that you restore your system from an earlier backup.
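Before restoring, the two file-level markers described above (the ‘.crypt’ extension and the February 13, 2010 modified date) can be used to gauge which files were hit. The Python sketch below is an added example, not taken from the original report; the function names, the local-time date comparison and the sample file tree are assumptions made for illustration.

```python
import os
import sys
import tempfile
from datetime import date, datetime
from pathlib import Path

# Indicators taken from the article: a '.crypt' suffix and a last-modified
# date of February 13, 2010. Assumption: the date is compared in local time.
SUFFIX = ".crypt"
STAMP = date(2010, 2, 13)

def triage(root):
    """Walk root and sort '.crypt' files by whether the mtime also matches."""
    report = {"both": [], "suffix_only": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(SUFFIX):
                continue
            path = Path(dirpath) / name
            try:
                mtime = path.lstat().st_mtime
            except OSError:
                continue  # unreadable or vanished mid-scan
            key = "both" if date.fromtimestamp(mtime) == STAMP else "suffix_only"
            report[key].append(str(path.relative_to(root)))
    for paths in report.values():
        paths.sort()
    return report

def build_constructed_sample(root):
    """Constructed sample tree: two files with both indicators, one unrelated
    '.crypt' file with a current mtime, and one untouched document."""
    root = Path(root)
    (root / "docs").mkdir()
    noon = datetime(2010, 2, 13, 12, 0).timestamp()
    for rel in ("docs/report.docx.crypt", "photo.jpg.crypt"):
        (root / rel).write_bytes(b"constructed")
        os.utime(root / rel, (noon, noon))
    (root / "vault.crypt").write_bytes(b"constructed")
    (root / "docs" / "notes.txt").write_bytes(b"constructed")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(triage(sys.argv[1]))
    else:
        with tempfile.TemporaryDirectory() as tmp:
            build_constructed_sample(tmp)
            print(triage(tmp))
```

Files listed under `both` carry both markers; entries under `suffix_only` merely share the extension and deserve a manual look before being written off.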
