Mistakes made by the developer of the MacOS ThiefQuest ransomware allows the recovery of encrypted files without paying any ransom. The ransomware, originally named EvilQuest, deploys the encryption routine immediately after infecting the system. It does not offer a method of contacting the attackers after paying the ransom, so the infected files will not be unlocked even if a ransom was paid. The ransom note states that the victim has 72 hours to pay the $50 ransom to unlock the files and does include a static Bitcoin wallet address to send the money to, but does not include an email address or a website to contact the attackers. The researchers at BleepingComputer believe that the true purpose of ThiefQuest is to search for and steal files from infected systems. The researchers have found a data exfiltration script that steals files with a variety of extensions. Security researchers have seen the malware distributed in the wild for more than a month, usually hidden inside pirated software shared on torrent portals and online forums.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.