The latest macOS ransomware is here – and it’s hiding in plain sight

Mac owners are being warned to be vigilant as a new strain of ransomware threatens Apple’s macOS.

Circulated via torrent and warez websites, the ‘Patcher’ malware disguises itself as a crack to get free access to expensive programs like Adobe Premiere Pro, Microsoft Office and others.

When the files are opened and executed, a window pops up with no background and a prompt to ‘Start’ in order to crack the program in question.



Clicking it starts the encryption process, which locks up all the computer’s files behind a 25-character encryption key. It also renames every file so that it has a ‘.crypt’ extension and changes the last modified date for all files to February 13, 2010.

When the deed is done, a README file explains that it will cost 0.25 bitcoin to unlock the files, which is around £229 at today’s exchange rate.

From there the plot thickens. It’s reported that because Patcher doesn’t upload the encryption keys to a Command & Control (C&C) server, it’s not actually possible for the creator to decrypt the files.

Therefore, even if you were to pay the ransom, the files are likely to be lost forever.

As a result, anyone affected by ransomware is encouraged not to pay the ransom to unlock files. Instead, it’s recommended that you restore your system to an earlier back-up.
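The two on-disk markers described above, the ‘.crypt’ extension and the February 13, 2010 modified date, can be used to gauge how much of a volume was hit before restoring from a back-up. The following is an added example, not part of the original article or of any vendor tool; the function names, the one-day date tolerance and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile
from datetime import date, datetime, timedelta, timezone
from pathlib import Path

# Indicators from the article: a '.crypt' suffix and a last-modified date of
# February 13, 2010. The one-day tolerance is an assumption, because the
# article does not say which time zone the timestamp is written in.
MARKER_SUFFIX = ".crypt"
MARKER_DATE = date(2010, 2, 13)
TOLERANCE = timedelta(days=1)

def classify(path):
    """Return 'strong' (suffix and date), 'weak' (suffix only) or None."""
    if path.suffix.lower() != MARKER_SUFFIX:
        return None
    try:
        mtime = datetime.fromtimestamp(path.lstat().st_mtime, tz=timezone.utc)
    except OSError:
        return "weak"  # metadata unreadable: keep the file for manual review
    near = abs(mtime.date() - MARKER_DATE) <= TOLERANCE
    return "strong" if near else "weak"

def scan(root):
    """Walk root without following symlinks; group matching paths by strength."""
    hits = {"strong": [], "weak": []}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = Path(dirpath) / name
            verdict = classify(path)
            if verdict:
                hits[verdict].append(path)
    return hits

def demo():
    """Scan a constructed sample tree (not real infected files)."""
    noon = datetime(2010, 2, 13, 12, tzinfo=timezone.utc).timestamp()
    samples = [("report.docx.crypt", noon), ("notes.crypt", None), ("photo.jpg", noon)]
    with tempfile.TemporaryDirectory() as tmp:
        for name, stamp in samples:
            target = Path(tmp) / name
            target.write_bytes(b"constructed sample")
            if stamp is not None:
                os.utime(target, (stamp, stamp))
        return {k: sorted(p.name for p in v) for k, v in scan(tmp).items()}

if __name__ == "__main__":
    print(demo())
```

A ‘weak’ hit carries only the extension, which other software may also use, so treat the combination of both markers as the meaningful signal.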
