Ransomware.MacOS.FileCoder.A
Threat Scorecard
Threat Level: 100 % (High)
Infected Computers: 2
First Seen: January 25, 2021
Last Seen: December 29, 2022
Ransomware for Mac computers is less common than the widespread file-encrypting malware that targets the Windows operating system. Yet, at the end of 2020, a malware threat for macOS named Ransomware.MacOS.FileCoder.A was detected. Once installed on a device, FileCoder encrypts important files in the most popular formats and makes them inaccessible to the user. The threat actors then ask victims to pay a ransom to get the data back. A ransom note appears as a text file or as wallpaper and demands that the user pay 0.25 BTC to the attackers' Bitcoin address. Dealing with cybercriminals is never a good idea, though, as they often do not send a decryption tool after receiving the ransom.
Ransomware.MacOS.FileCoder.A probably creates unique strings in the /Users directory. Besides locking up documents, videos, images, and other types of valuable files, it also claims to encrypt data stored in the cloud and on external devices. Unfortunately, encrypted data is very often recoverable only from backups. After that, the macOS device can be cleaned with a trustworthy anti-malware program.
Researchers think that Ransomware.MacOS.FileCoder.A may also have some Trojan-like capabilities, including:
- Installing additional malware
- Copying itself on the computer
- Collecting keystrokes
- Extracting saved passwords and important files
Reports indicate that Ransomware.MacOS.FileCoder.A typically spreads through bundled kits containing application cracks or patches that claim to turn unlicensed software copies into licensed ones. As soon as the bogus crack is opened, it pretends to activate the program and asks the user to follow the instructions while the malware runs its encryption routine in the background. Other distribution channels are spam emails with infected attachments and corrupted links that lead to shady websites.