This article was created to help you remove the lockscreen Mac ransomware that uses the [email protected] e-mail to extort victims into paying in Bitcoin.
A new ransomware of the lockscreen type for Apple MacBooks has appeared in the wild. The virus does not have a particular name, but it uses sophisticated scripts to lock you out of your MacBook, after which it asks victims to enter a 4-digit code in order to unlock their Mac. The good news is that the 4-digit PIN can be cracked, as @denichodev (Deni Cho) explains on Twitter. Read this article to learn how to unlock your MacBook without having to pay any ransom to the cyber-criminals behind Mac Ransomware.
|Name||Padlock Mac Ransomware|
|Short Description||After encryption, locks MacBook users out of their devices by setting a hidden 4-digit PIN code.|
|Symptoms||Attacks the login settings of the infected MacBook, then sets a black and white lock screen with a white padlock and a field for entering a custom PIN code. Asks victims to contact [email protected]|
|Distribution Method||Spam Emails, Email Attachments, Executable files|
How Does Mac Ransomware Infect
The infection process of Mac ransomware is conducted via multiple methods, involving the two main types of infection objects: malicious files and malicious web links. The malicious files may actually be installation files for apps downloaded from the Apple App Store. Such apps may have malicious functions that bypass the sandboxing protection and drop and install custom files, similar to the malware upload and download scheme for fake applications containing WireLurker ransomware.
Another method is for the app to be delivered via a web link sent to users through chat services, e-mail or another form of communication. Such web links may also appear if you have adware that generates pop-ups in your Safari web browser. Such apps are generally considered to be safe, but some of them may cause a redirect to a dangerous third-party website.
Analysis of Mac Ransomware
Once the Mac “Padlock” ransomware slithers onto your computer, it may extract files and hide them within your MacBook. After doing so, the virus may modify components of the login segment of macOS, which results in a lock screen being displayed.
From there, the virus asks victims to contact a so-called “Apple Help” e-mail, and when this is done, the following message was reported to be sent by the cyber-criminals:
“Your device is locked. To activate your device:
Pay 50$ to the Bitcoin Address: 1AQtRCX15YrXzPUZic7FbMotrqLemzjnRi
Buy bitcoins online: coinbase . com
Purchase bitcoins through a debit or credit card for buying bitcoins.
Register on the site.
After payment we send you a password immediately.
If you do not receive payment within 24 hours, the amount will be increased to 150$.”
Thankfully, the code of this virus can be bruteforced manually, so keep reading to learn how to do it and unlock your computer for free.
How to Unlock Your MacBook from Padlock Mac Ransomware
Since the code is reported to be a 4-digit code, it can be bruteforced by simply entering every possible combination from 0000 to 9999. However, the malware may lock your computer for 60 minutes if you are not careful. The user Deni Cho managed to unlock his device with the code 9169, but he had to try each combination; he later identified that this virus can also be bruteforced. The expert asks users to private message him on his Twitter account to learn how to bruteforce this screen and to get answers to any questions about this virus.
If you manage to unlock your computer, we strongly advise you to put all your files in the cloud and change all of your passwords. If possible, it is recommended to copy the files to an external HDD and reinstall the Mac (factory reset it) to get rid of this threat after you have unlocked it with the code.