Can a Mac get ransomware? Yes. Yes, it can.
The “fact” that it is impossible to get a virus on a Mac has been something of an urban legend for many years.
But as most people in the know were already aware, this is much more “legend” and much less “fact” than generally suspected.
A new Mac virus – a piece of ransomware called ThiefQuest – has recently been discovered. And it’s a doozy…
The new Mac ransomware is literally “evil”
Originally named “EvilQuest”, ThiefQuest is a specific type of virus called ransomware. The goal of ransomware is to encrypt your important files and to demand payment – a “ransom” – to return access to you.
To do this, ThiefQuest:
- Installs a keylogger to track what you’re typing
- Installs a remote shell (a kind of remote link which allows the attackers to run custom commands on your Mac)
- Encrypts the files on your Mac
- Can also steal cryptocurrency wallet files
The solution the attacker wants you to arrive at is that paying them money is easier than cleaning your system.
Unfortunately, you have no guarantees that they will return access to you – or stop logging everything you’re typing and taking your files – even if you do pay.
Isn’t it impossible to get a virus on a Mac?
Sadly, no. It might be less likely than getting a virus on a Windows OS. But it still happens. Especially with newcomers like ThiefQuest making the rounds.
Researchers at the anti-malware software producers currently investigating ThiefQuest say that it seems to have been around since early June 2020.
Specifically, it seems to have been distributed via torrent sites and online platforms as part of pirated versions of well-known apps.
How do I know if I have ransomware on my Mac?
On the – sort of – plus side, ThiefQuest isn’t exactly subtle about letting you know you’re infected. As soon as you execute the file, it will:
- Encrypt your files
- Show you a pop-up which tells you it’s done so
- Show you a text file “ransom note” on your desktop
Unfortunately, the creators of ThiefQuest didn’t think to include a method to contact them. So, while you can choose to pay, you can’t choose to tell them specifically who you are…
This means there’s no way for them to figure out who has paid them. Which, in turn, means they won’t be able to send you the decryption key you’d need to release your system.
How do I manually remove malware like this from my Mac?
At this point, if you have been infected by ThiefQuest, there’s not a lot you can do. There are some very smart people working on the problem, so all might not be lost. But as things currently stand, there’s no guarantee you will ever get your data back.
That’s why it’s so important to make sure you’ve got the best antivirus tools and are using good cybersecurity practices. Backup is a must-have! Alas, even with a Mac, putting your fingers in your ears and singing loudly about how it’s impossible to get a virus isn’t a valid tactic any more.
Thinking that now might be a good time for a quick cybersecurity review?
Dial A Geek already helps 968 businesses in Bristol and the local area know that they’re as safe as they possibly can be online.