Mac users hoping to score Adobe Premiere Pro CC and Microsoft Office for free through BitTorrent sites are in for an ugly surprise thanks to a new ransomware making the rounds. The ransomware, called OSX/Filecoder.E, encrypts the contents of victims’ hard drives and demands payment in Bitcoin, but there isn’t any way to actually decrypt and recover files.
OSX/Filecoder.E poses as a tool to crack the copy protection for Premiere Pro or Office. When run, it encrypts the victim’s /Users directory in a ZIP archive and saves a Read Me file with instructions on where to send Bitcoin to decrypt the files. The malware targets all the files on connected drives, too, which means your local backups could be ruined.
As if locking someone out of their files and demanding money isn’t bad enough, the coders behind OSX/Filecoder.E didn’t include a way to send the randomly generated encryption key to their servers. That means once the malware encrypts your files, there isn’t any way to recover them, even after paying the ransom. The hackers literally have no way to decrypt your files.
WeLiveSecurity’s Marc-Etienne M.Léveillé said,
“There is one big problem with this ransomware: it doesn’t have any code to communicate with any C&C server. This means that there is no way the key that was used to encrypt the files can be sent to the malware operators.
“This also means that there is no way for them to provide a way to decrypt a victim’s files. Paying the ransom in this case will not bring you back your files. That’s one of the reasons we advise that victims never pay the ransom when hit by ransomware.”
WeLiveSecurity analyzed the malware and said that, judging by the sloppy work, the coder behind OSX/Filecoder.E doesn’t look very experienced. And leaving out a way to store the random encryption key from victims’ Macs seems like a big oversight—or a vindictive move.
Protecting your Mac from this ransomware is pretty easy: don’t use apps to crack app serial numbers and activation codes. Downloading commercial apps from unauthorized sources, like file-sharing BitTorrent servers, is a great way to get stung, too. Regardless, OSX/Filecoder.E is a great reminder of why stealing software is a bad idea.
Lee, you’re right, they have updated the XProtect files.
So, if I’m reading this correctly, users who intended to commit a crime find themselves victims of a crime. Huh. Sorry, can’t seem to locate any sympathy lying around.
Or don’t pirate software.
Or never use your main computer for BitTorrent. Or, back up, back up, back up to a drive – and disconnect it from the Mac after backups.
We should soon see an OSX and Safari update to patch this.