‘Filecode’ ransomware attacks your Mac – how to recover for free


01 Mar 2017

Last week, SophosLabs showed us a new ransomware sample.

That might not sound particularly newsworthy, given the number of malware variants that show up every day, but this one is more interesting than usual because it’s targeted at Mac users. (No smirking from the Windows tent, please!) In fact, it was clearly written for the Mac, on a Mac, by a Mac user, rather than adapted (or ported, to use the jargon term, in the sense of “carried across”) from another operating system. This ransomware, detected and blocked by Sophos as OSX/Filecode-K and OSX/Filecode-L, was written in Swift, Apple’s relatively recent programming language, which is aimed primarily at the macOS and iOS platforms.

The good news is that you aren’t likely to be troubled by the Filecode ransomware, for a number of reasons:

Filecode apparently showed up because it was planted in various guises on software piracy sites, masquerading as cracking tools for mainstream commercial software products. So far, we’re not aware of Filecode attacks coming from any other quarter, so if you stay away from sites claiming to help you bypass the licensing checks built into commercial software, you should be OK.

Filecode relies on built-in macOS tools to help it find and scramble your files, but doesn’t utilise these tools reliably. As a result, in our tests, the malware sometimes got stuck after encrypting just a few files.

Filecode uses an encryption algorithm that can almost certainly be defeated without paying the ransom. As long as you have an original, unencrypted copy of one of the files that ended up scrambled (in other words, a known-plaintext pair), it’s very likely that you will be able to use one of a number of free tools to “crack” the decryption key and to recover the rest of your files yourself.
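To show why one unscrambled original is enough, here is an added example that is not code from the article or from the malware: the article does not name Filecode’s algorithm, so the block uses a deliberately weak stand-in cipher (a short repeating key XORed over each file) and recovers that key from a single known file, then decrypts every other file with it. The key, the file names and their contents are all constructed for the demonstration.

```python
"""Known-plaintext key recovery against a weak cipher (illustration only).

Assumptions, all constructed for this example rather than taken from the
article or from Filecode: a 16-byte key, a repeating-key XOR stream cipher
as the 'ransomware' algorithm, and three small victim files.
"""
import itertools

# Constructed 16-byte key: the "random key chosen per victim" of the story.
KEY = bytes.fromhex("5e1d0c2fa9b37744c81e6a0d93f5b2e0")

# Constructed victim files. "invoice.txt" is the one we still have a copy of.
FILES = {
    "invoice.txt": b"Invoice 2017-02-14: 3 x widget @ 19.99 EUR, total 59.97 EUR. Thanks!",
    "notes.md": b"# Meeting\n- ship v1.2\n- rotate backups weekly\n",
    "keys.csv": b"name,value\nalpha,1\nbeta,2\n",
}


def weak_encrypt(data: bytes, key: bytes) -> bytes:
    """The stand-in 'ransomware' cipher: XOR each byte with a repeating key.
    XOR is its own inverse, so the same function also decrypts."""
    return bytes(b ^ k for b, k in itertools.zip_longest(data, itertools.cycle(key))
                 if b is not None) if False else \
        bytes(b ^ k for b, k in zip(data, itertools.cycle(key)))


def encrypt_all(files: dict, key: bytes) -> dict:
    """What the malware does: scramble every file with the one per-victim key."""
    return {name: weak_encrypt(data, key) for name, data in files.items()}


def recover_key(plaintext: bytes, ciphertext: bytes):
    """Known-plaintext attack.

    ciphertext XOR plaintext yields the keystream. For a repeating key the
    keystream has a period equal to the key length, so the key is the first
    period of it. We need the known file to cover at least two periods to
    confirm the period; otherwise return None rather than guess.
    """
    n = min(len(plaintext), len(ciphertext))
    stream = bytes(c ^ p for c, p in zip(ciphertext[:n], plaintext[:n]))
    for period in range(1, n // 2 + 1):
        if all(stream[i] == stream[i - period] for i in range(period, n)):
            return stream[:period]
    return None  # known file too short to establish the key length


def recover_all(encrypted: dict, known_name: str, known_plain: bytes):
    """Recover the key from one known file, then decrypt every file with it.
    Returns None when the known file is too short to pin down the key."""
    key = recover_key(known_plain, encrypted[known_name])
    if key is None:
        return None
    return {name: weak_encrypt(ct, key) for name, ct in encrypted.items()}


if __name__ == "__main__":
    scrambled = encrypt_all(FILES, KEY)
    restored = recover_all(scrambled, "invoice.txt", FILES["invoice.txt"])
    print("key recovered:", recover_key(FILES["invoice.txt"], scrambled["invoice.txt"]).hex())
    print("all files restored:", restored == FILES)
```

The caveat the recovery tools share with this toy: the known original has to be long enough to pin down the key (here, at least twice the key length), and it has to be byte-for-byte identical to the file that was scrambled, not a re-saved or re-downloaded copy.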

Ironically, the fact that you can recover without paying comes as a double relief.

That’s because the crook behind this ransomware failed to keep a copy of the random encryption key chosen for each victim’s computer, so paying the ransom would not have got your files back anyway.

We’ve written about this sort of ransomware before, dubbing it “boneidleware”, because the crooks were sufficiently inept or lazy that they didn’t even bother to set up a payment system: they scrambled (or simply deleted) your files, threw away the key, and then asked for money in the hope that at least some victims would pay up anyway.


Article published on https://nakedsecurity.sophos.com
