A new form of crypto-ransomware for macOS is being spread through BitTorrent, and researchers say that, because of its poor design, victims may not be able to recover their data even if they pay up.
In a blog post, ESET details the ransomware, named OSX/Filecoder.E, which is written in Apple's Swift programming language and distributed via BitTorrent sites. It masquerades as a cracking tool for commercial software such as Adobe Premiere Pro CC and Microsoft Office for Mac.
The poor design shows in the way it encrypts files. In what looks to be the work of an amateur coder, the ransomware generates a single encryption key for all files and then stores the files in encrypted zip archives. But since the malware has no ability to communicate with an external server, the encryption key is never sent to the attacker before potentially being destroyed.
This means the usual ransomware threat, with its README and PAYUP signs, is of little use: victims may not get their files back even after following the instructions for paying up. ESET says that, since the encryption is strong, it will not be easy to crack it using alternative means.
Apple operating systems, iOS or macOS, are rarely associated with malware compared to Android and Windows, but this is the second such major threat found. KeRanger, found last year, was the first fully functional OS X ransomware.
How to protect yourself
This ransomware is designed specifically for macOS, so downloading pirated software carries a risk. ESET recommends that your MacBook have a security product installed and, of course, a current, offline backup of all your important data.