EvilQuest Ransomware

New ‘EvilQuest’ Mac ransomware found in pirated apps encrypts users files – 9to5Mac

Mac users are exposed to a new “EvilQuest” ransomware that encrypts files and destabilizes the operating system. Malwarebytes analyzed the ransomware today; it is being distributed through pirated macOS apps.

The malicious code was first found in a pirated copy of the Little Snitch app available on a Russian forum with torrent links. Unlike the legitimate release, the downloaded app ships as a PKG installer file.

By examining this PKG file, Malwarebytes discovered that the package carries a “postinstall script.” Such scripts are normally used to clean up after an installation finishes; in this case, the script installs the malware on macOS.

The malicious executable is copied to a folder associated with Little Snitch under the name CrashReporter, so a user scanning Activity Monitor is unlikely to notice it, since macOS ships a built-in process with a similar name. The drop location is /Library/LittleSnitchd/CrashReporter.
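Because the infection arrives through an installer’s postinstall script, the practical check is to read those scripts before running the package. The following shell snippet is an added example, not code from the 9to5Mac article or the Malwarebytes report. It assumes the package has already been expanded (on macOS, `pkgutil --expand Suspect.pkg /tmp/suspect`), lists every preinstall/postinstall script, and flags scripts that reference the drop path named above or launchd persistence locations; the launchd patterns are this example’s own heuristics, and the file names used when it is run are whatever the expanded package contains.

```shell
#!/bin/sh
# Added example, not code from the 9to5Mac article or the Malwarebytes report.
# Reads the installer scripts inside an expanded macOS .pkg so they can be
# reviewed before the package is installed. Assumes the package was expanded
# first (on macOS: pkgutil --expand Suspect.pkg /tmp/suspect). Nothing in the
# package is executed here; the functions only read text.
#
# The drop path /Library/LittleSnitchd/CrashReporter is the one named in the
# article. The launchd patterns are this example's own heuristics for spotting
# an installer script that sets up persistence.
PERSISTENCE_PATTERN='/Library/LittleSnitchd/CrashReporter|/Library/(LaunchDaemons|LaunchAgents)/|launchctl'

# Print the path of every preinstall/postinstall script under the expanded
# package (flat packages keep them in Scripts/, distribution packages in
# <component>.pkg/Scripts/).
list_pkg_scripts() {
    find "$1" -type f \( -name preinstall -o -name postinstall \) -print
}

# Print only the scripts whose text matches PERSISTENCE_PATTERN.
flag_pkg_scripts() {
    list_pkg_scripts "$1" | while IFS= read -r script; do
        if grep -Eq "$PERSISTENCE_PATTERN" "$script"; then
            printf '%s\n' "$script"
        fi
    done
}

# Number of flagged scripts, as a plain integer (wc pads with spaces on macOS).
count_flagged_scripts() {
    flag_pkg_scripts "$1" | wc -l | tr -d ' '
}

# Human-readable report: each script's body, then the flagged list. Installer
# scripts run as root, so the whole body is worth reading, not just the hits.
report_pkg_scripts() {
    list_pkg_scripts "$1" | while IFS= read -r script; do
        printf '== %s\n' "$script"
        cat "$script"
        printf '\n'
    done
    printf -- '-- scripts matching persistence patterns: %s\n' "$(count_flagged_scripts "$1")"
    flag_pkg_scripts "$1" | sed 's/^/!! /'
}

# Usage: sh triage_pkg.sh /tmp/suspect   (path to an expanded package)
if [ -n "${1:-}" ]; then
    report_pkg_scripts "$1"
fi
```

A match is a reason to read the script, not proof of malice: legitimate installers also register launchd jobs. The point is that the script runs with root privileges during installation, so its full text deserves a look before the package is trusted.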

Malwarebytes notes that the ransomware waits some time after installation before it starts working, so the user is less likely to associate it with the most recently installed app. Once activated, it modifies system and user files using an encryption scheme that has not yet been identified.

The encryption leaves the Finder unable to work properly and causes the system to crash constantly. Even the system Keychain gets corrupted, making the passwords and certificates saved on the Mac inaccessible. A message on the screen tells the user to pay $50 to recover their files, otherwise everything will be deleted after three days.

There is still no way to get rid of the malware once it has encrypted files short of wiping the entire disk, so users should keep an up-to-date backup of everything.

The best way of avoiding the consequences of ransomware is to maintain a good set of backups. Keep at least two backup copies of all important data, and at least one should not be kept attached to your Mac at all times. (Ransomware may try to encrypt or damage backups on connected drives.)

Although the ransomware has so far only been seen bundled with pirated apps, Apple should address this as quickly as possible, since the same malicious code could be bundled into other apps distributed outside the App Store.

You can read more technical details about EvilQuest on Malwarebytes’ website.


Failed Ransomware

Ransomware Gang Failed to Deploy an Attack Against 30 US Firms – Cointelegraph

Symantec revealed that a WastedLocker ransomware attack was blocked in time after an early alert by the cybersecurity firm.


Cybersecurity firm Symantec blocked a ransomware attack by a group known for demanding payment in Bitcoin (BTC) directed at 30 U.S.-based firms and Fortune 500 companies.

The announcement published by the cybersecurity firm says that Evil Corp, the malware gang behind the attacks, targeted the IT infrastructure of the firms, but the companies were alerted in time to prevent deployment of the ransomware. The group used the WastedLocker ransomware and managed to breach the victims’ networks, but its attempt to lay the groundwork for deploying the ransomware was unsuccessful.

Gang asks for million-dollar payments 

Cointelegraph recently reported on a study by the cybersecurity firm Fox-IT, a division of NCC Group, which warned of the return of Evil Corp’s cybercriminal activities after a short period of going quiet.

The gang is well known for demanding million-dollar ransom payments in cryptocurrencies like Bitcoin. There are reports that the group had been asking for a combined total of $10 million from an unknown number of U.S. companies that were recently attacked.

Symantec’s Targeted Attack Cloud Analytics team first detected the early stages of WastedLocker attacks by relying on advanced machine learning to spot patterns of activity related to recent targeted attacks.

Evil Corp targeted 31 companies in the blocked attack; one of the firms is a U.S.-based subsidiary of an overseas multinational.

Most affected sector

Symantec did not identify the intended victims but the cybersecurity firm’s report said the manufacturing sector was most affected, as the gang targeted five organizations related to that industry.

According to Symantec, had the attackers not been disrupted, “successful attacks could have led to millions in damages, downtime, and a possible domino effect on supply chains.”

Evil Corp had previously halted its operations, resuming in January 2020, following the indictment of alleged members Igor Olegovich Turashev and Maksim Viktorovich Yakubets.
