A virus, named Filecoder by researchers, has appeared and has begun to infect macOS users, according to ESET experts. The malware poses as fake cracks and patches for unlicensed versions of Adobe Premiere Pro as well as Microsoft Office for macOS. It was also detected on multiple torrent download websites.
Filecoder Infects via .ZIP Files
Reports indicate that this malicious software is spread in a bundle of applications presented as patches that make unlicensed software licensed. When the fake patch is opened, the victim is instructed to click a “Start” button, which only pretends to patch the software and instead starts the encryption in a hidden process.
The Filecoder virus then generates a unique string and uses it to encrypt files located in the /Users directory, as well as on any external devices and cloud storage.
The ransom note of this malware demands that victims pay a hefty 0.25 BTC to a Bitcoin address and then wait for the cyber-criminals to decrypt the files.
The Worse News
Even though victims are promised that decryption will take place if they wait, the Filecoder ransomware is not able to establish active communication with its command-and-control servers, which means that it doesn’t send any encryption keys, making decryption practically impossible.
What is even worse is that the decryption key itself cannot be cracked by brute force, because it is too long.
At this point, there are no reports of victims paying the ransom. It is highly advisable not to pay anything and to look for alternative ways to get the data back, even though the encryption of this virus is very sophisticated.