Ransomware.MacOS.FileCoder.A Description
Type: Ransomware MacOS
Ransomware for Mac computers is less common than the widespread encrypting malware that targets the Windows operating system. Yet, at the end of 2020, a malware threat for macOS named Ransomware.MacOS.FileCoder.A was detected. Once installed on a device, FileCoder encrypts important files in the most popular formats and makes them inaccessible to the user. The threat actors then ask victims to pay a ransom to get the data back. A ransom note appears as a text file or as wallpaper and demands that the user pay 0.25 BTC to the attackers' Bitcoin address. Dealing with cybercriminals is never a good idea though, as they often do not send a decryption tool after receiving the ransom.
Ransomware.MacOS.FileCoder.A probably creates unique strings in the /Users directory, and besides locking up documents, videos, images, and other types of valuable files, it also claims to encrypt data stored in the cloud and on external devices. Unfortunately, encrypted data is very often recoverable only from backups. After that, the macOS device can be cleaned with a trusted anti-malware program.
Researchers think that Ransomware.MacOS.FileCoder.A may also have some Trojan-like capabilities, including:
- Installing additional malware
- Copying itself on the computer
- Collecting keystrokes
- Extracting saved passwords and important files
Reports indicate that Ransomware.MacOS.FileCoder.A typically spreads through bundled kits containing application cracks or patches that let the user turn unlicensed software copies into licensed ones. As soon as the bogus crack is opened, it pretends to activate the program and asks the user to follow the instructions while the malware runs its encryption routine in the background. Other distribution channels are spam emails with infected attachments and corrupted links that lead to shady websites.