
EvilQuest Ransomware

The EvilQuest Ransomware is a brand-new file-locker that appears to target Mac computers only. This is rather unusual, as few data-encrypting Trojans go after OSX systems; most target Windows computers.

According to malware researchers, the EvilQuest Ransomware is being propagated via bogus copies of Mac applications such as Mixer and Ableton. Besides these fake pirated copies, the creators of the EvilQuest Ransomware appear to use another distribution channel: a modified version of the Little Snitch application. This app is a torrent-sharing tool that is a household name in the world of online piracy. To avoid raising any red flags, the installers that deliver the EvilQuest Ransomware also provide a functioning copy of the application alongside the threat. For example, a user who installs a modified copy of Little Snitch carrying the EvilQuest Ransomware payload will find that the torrent-sharing utility works as intended, so nothing appears amiss.

Once cybersecurity experts spotted the EvilQuest Ransomware, they studied it and found that this file-locker does not always execute successfully, most likely because of the multiple bugs present in the project. If the EvilQuest Ransomware does manage to run on the compromised host, its final execution is delayed by several days. This is a trick used by many cyber crooks: if the threat does not act immediately, it is far harder for the victim to work out the infection vector.

When the EvilQuest Ransomware is up and running, it places its files in several Mac system folders. To gain persistence on the targeted Mac, the EvilQuest Ransomware creates multiple Launch Daemons, which ensure that the file-locker is executed every time the user restarts the system. Users affected by the EvilQuest Ransomware report that they experienced issues with the OS and that some of their applications stopped working. This is because the EvilQuest Ransomware is not programmed to avoid tampering with system files and other configurations: unlike most file-lockers, which deliberately skip the files responsible for the smooth running of the system, the EvilQuest Ransomware makes no such distinction.
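As an added, hypothetical defender-side example (not code from this page or from the malware analysis it reports), the following Python script audits launchd property lists for the kind of persistence described above: jobs that run at boot from unusual or hidden locations, or that carry an Apple-style label while pointing at a binary outside Apple-owned paths. The directory list uses the real launchd locations; the heuristics, the `is_suspicious` threshold and the two embedded sample plists are assumptions constructed for illustration, not artefacts of EvilQuest.

```python
"""Audit launchd plists for suspicious persistence (hypothetical example)."""
import os
import plistlib
from typing import Dict, List

# Real launchd search directories for third-party persistence items.
LAUNCHD_DIRS = [
    "/Library/LaunchDaemons",
    "/Library/LaunchAgents",
    os.path.expanduser("~/Library/LaunchAgents"),
]

# Heuristic (assumption): vendor daemons rarely run from these locations.
UNUSUAL_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/",
                    "/private/var/folders/")
# Locations where genuinely Apple-labelled programs live.
APPLE_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/", "/Library/Apple/")


def audit_launchd_plist(plist_bytes: bytes, source: str = "<memory>") -> Dict:
    """Parse one launchd plist and return its label, program and findings."""
    result = {"source": source, "label": None, "program": None, "findings": []}
    try:
        data = plistlib.loads(plist_bytes)
    except Exception as exc:  # malformed XML or binary plist
        result["findings"].append(f"unparseable plist: {exc}")
        return result

    label = data.get("Label")
    args = data.get("ProgramArguments") or []
    program = data.get("Program") or (args[0] if args else None)
    result["label"], result["program"] = label, program
    findings = result["findings"]

    if not label:
        findings.append("missing Label key")
    if program is None:
        findings.append("no Program or ProgramArguments")
        return result

    if program.startswith(UNUSUAL_PREFIXES):
        findings.append(f"program runs from an unusual location: {program}")
    if any(part.startswith(".") for part in program.split("/") if part):
        findings.append(f"program path contains a hidden directory: {program}")
    # An Apple-looking label whose binary lives outside Apple-owned paths.
    if label and label.startswith("com.apple.") and not program.startswith(APPLE_PREFIXES):
        findings.append(f"Apple-style label '{label}' but program is outside system paths")
    # RunAtLoad + KeepAlive: starts at boot/login and is relaunched if killed.
    if data.get("RunAtLoad") and data.get("KeepAlive"):
        findings.append("RunAtLoad and KeepAlive set: job restarts automatically if killed")
    return result


def is_suspicious(result: Dict) -> bool:
    """Flag a job when any location or label finding fired (KeepAlive alone is common)."""
    return any(not f.startswith("RunAtLoad") for f in result["findings"])


def scan_launchd_dirs(dirs: List[str] = LAUNCHD_DIRS) -> List[Dict]:
    """Audit every .plist in the launchd directories that exist on this host."""
    results = []
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            if not name.endswith(".plist"):
                continue
            path = os.path.join(d, name)
            try:
                with open(path, "rb") as fh:
                    results.append(audit_launchd_plist(fh.read(), path))
            except OSError as exc:
                results.append({"source": path, "label": None, "program": None,
                                "findings": [f"unreadable: {exc}"]})
    return results


# Constructed sample plists (not real artefacts) so the checks run offline.
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key><array>
    <string>/Library/Application Support/Example/updater</string><string>--check</string>
  </array>
  <key>RunAtLoad</key><true/>
</dict></plist>"""

SUSPICIOUS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.fakehelper</string>
  <key>ProgramArguments</key><array><string>/Users/Shared/.cache/helperd</string></array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>"""

if __name__ == "__main__":
    for sample in (BENIGN_PLIST, SUSPICIOUS_PLIST):
        r = audit_launchd_plist(sample)
        print(r["label"], "SUSPICIOUS" if is_suspicious(r) else "ok", r["findings"])
    for r in scan_launchd_dirs():  # live audit of this Mac, if run on one
        if is_suspicious(r):
            print(r["source"], r["findings"])
```

Run as a script, it first exercises the two constructed samples and then walks the real launchd directories, printing only the jobs that trip a location or label check. The `RunAtLoad`/`KeepAlive` finding is reported for context but does not by itself mark a job suspicious, since many legitimate daemons use that combination.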

When the EvilQuest Ransomware is done encrypting the targeted data, it displays a pop-up window informing users that they have fallen victim to a ransomware attack and should open a file called 'READ_ME_NOW.txt,' which contains the attackers' ransom message. The ransom fee is set at $50, but the user has only three days to pay. If the deadline is not met, the attackers claim that the ransom fee will be increased.