large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

The latest macOS ransomware is here – and it’s hiding in plain sight

Mac owners are being warned to be vigilant as a new strain of ransomware threatens Apple’s macOS.

Circulated via torrent and warez websites, the ‘Patcher’ malware disguises itself as a crack to get free access to expensive programs like Adobe Premiere Pro, Microsoft Office and others.

When the files are opened and executed, a window pops up with no background and a prompt to ‘Start’ in order to crack the program in question.


Related: MWC 2017

By doing that, it will start the encryption process, which locks up all the computer’s files behind a 25-character encryption key. It also alters every file name so that it has a ‘.crypt’ extension and changes the last modified date for all files to February 13, 2010.

When the deed is done, a README file explains that it will cost 0.25 bitcoin to unlock the files, which is around £229 at today’s exchange rate.

From there the plot thickens. It’s reported that due to the fact Patcher doesn’t upload the encryption keys to a specific Command & Control (C&C) server, it’s not actually possible for the creator to decrypt the files.

Therefore, even if you were to pay the ransom, the files are likely to be lost forever.

As a result, anyone affected by ransomware is encouraged not to pay the ransom to unlock files. Instead, it’s recommended that you restore your system to an earlier back-up.

Watch: Apple MacBook Pro 13 (2016) review

What steps do you take to avoid ransomware? Let us know in the comments below.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have 9 million users a month around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.