‘Patcher’: New MacOS Ransomware is an Alarm for Piracy Lovers

‘Patcher’ a new ransomware family has been discovered that targets MacOs users. Antivirus company ESET has just discovered the new MacOS ransomware that is dangerous and bad news in general. A badly coded ransomware is being spread through torrents and other piracy websites. It was found on BitTorrent and other peer-to-peer distribution site.

Next time when you download Adobe Premiere Pro and Microsoft Office for Mac from BitTorrent or other torrent download website make sure you are giving an open invitation to this ransomware. Currently, being distributed as a cracked or pirated version of popular software, Patcher brings a bad news to the end users.

Patcher Ransomware for Mac

Patcher is poorly coded ransomware as per ESET security researchers. It does not communicate with author nor sends any decryption key to the author. Upon activation, it asks for 0.25 Bitcoin as a ransom. However, the really story starts here. Since the author do not know decryption key, there is no way you can decrypt the file.

You would not only end up paying a ransom to the author but also end up not being able to decrypt any file. The patcher disguise itself as a patching or cracking module in popular software.Disguised as an executable patching file, upon running it will display an image with no background.

patcher window

Patcher Encryption

When you click on “Start” button, the encryption process begins encrypting all your files. It uses long 25 characters encryption key that it uses in the process. Since it lacks the ability to communicate with the author, the author does not have any clue about the decryption key that needs to decrypt file.

patcher ransomware Mac

The worst part is that since the encryption is 25 characters long, it is almost impossible for any brute force software to guess the key. It could take years to decrypt it making it next to impossible to decrypt it. It adds .crypt extension at the end of the file. Upon activation, it locks each and every file one by one with same encryption key. Moreover, it also locks  /Users and /Volumes network storage drives.

crypt locked file

Like with all the ransomware, there is a READM!.txt file created for the end users with the necessary instruction to decrypt the file. It essentially contains bitcoin address and ransom amount you need to pay. Paying ransom will not bring back your files.

Hopefully, the post will make everyone aware of this worst situation. This is a worst case scenario where you as a sufferer pay amount and still do not get back your files. Such act should be condemned and should not be supported. Having said, MacOS ransomware is emerging and it is likely to increase this year.

Downloading pirated software is a bad practice. Users should be extra careful when downloading pirated software especially from the unknown source or channels. It is highly recommended that you take offline backup of all your important data. Taking a backup on external disk is highly recommended.

Credit [Welivesecurity]

You might also like More from author

Comments are closed.