ThiefQuest ransomware victims can now decrypt their files for free using this decryptor
Researchers have discovered a new type of ransomware that targets users and can collect passwords and credit card information, among other data. The new ransomware is called ThiefQuest; some security experts refer to it as the EvilQuest malware. Regardless of the name, the malware opens some serious vulnerabilities on the Mac operating system. This new strain of malware is specifically designed to target Mac devices.
This is the first time that malware specifically targets a particular platform. Most malware is designed to work on all platforms, but ThiefQuest has a specific target, and that is the Mac platform.
According to the research, the malware targets system passwords, financial information, and credit card numbers. One of the most unnerving features of the ThiefQuest malware is its ability to stay hidden. Once the malware gets access to the target system, it launches its payload after the user reboots the device. This is what experts call a “second stage” attack. Since Mac ransomware is very rare, this new angle of attack is very effective.
Security researchers from SentinelOne have now announced that they analyzed the ransomware’s source code and the differences between encrypted files and their original versions, and were ultimately able to reverse engineer ThiefQuest’s encryption mechanism. Their blog post added that ThiefQuest uses a simple symmetric-key encryption system based on the RC2 algorithm and that the ransomware stores the encryption/decryption key inside each locked file.
They were also able to create an application, a ransomware decryptor, that extracts this key and unlocks victims’ files. Victims can download the application from here and get their files decrypted for free.