Can a Mac get ransomware? Yes. Yes, it can.

The “fact” that it is impossible to get a virus on a Mac has been something of an urban legend for many years.

But as most people in the know were already aware, this is much more “legend” and much less “fact” than generally suspected.

Because a new Mac virus – a piece of ransomware called ThiefQuest – has recently been discovered. And it’s a doozy…

The new Mac ransomware is literally “evil”

Originally named “EvilQuest”, ThiefQuest is a specific type of virus called ransomware. The goal of ransomware is to encrypt your important files and to demand payment – a “ransom” – to return access to you.

To do this, ThiefQuest:

  • Installs a keylogger to track what you’re typing
  • Installs a remote shell (a kind of remote link which allows the attacker to run custom commands)
  • Encrypts the files on your Mac
  • Can also steal cryptocurrency wallet files

The solution the attacker wants you to arrive at is that paying them money is easier than cleaning your system.

Unfortunately, you have no guarantees that they will return access to you – or stop logging everything you’re typing and taking your files – even if you do pay.

Isn’t it impossible to get a virus on a Mac?

Sadly, no. It might be less likely than getting a virus on a Windows OS. But it still happens. Especially with newcomers like ThiefQuest making the rounds.

Professionals at the anti-malware software companies currently investigating ThiefQuest say that it seems to have been around since early June 2020.

Specifically, it seems to have been distributed via torrent sites and online platforms as part of pirated versions of well-known apps.

How do I know if I have ransomware on my Mac?

On the – sort of – plus side, ThiefQuest isn’t exactly subtle about letting you know you’re infected. As soon as you execute the file, it will:

  1. Encrypt your files
  2. Show you a pop-up which tells you it’s done so
  3. Show you a text file “ransom note” on your desktop

Unfortunately, the creators of ThiefQuest didn’t think to include a method to contact them. So, while you can choose to pay, you can’t choose to tell them specifically who you are…

This means there’s no way for them to figure out who has paid them. Which, in turn, means they won’t be able to send you the decryption key you’d need to release your system.

How do I manually remove malware like this from my Mac?

At this point, if you have been infected by ThiefQuest, there’s not a lot you can do. There are some very smart people working on the problem, so all might not be lost. But as things currently stand, there’s no guarantee you will ever get your data back.

That’s why it’s so important to make sure you’ve got the best antivirus tools and are using good cybersecurity practices. Backup is a must-have! Alas, even with a Mac, putting your fingers in your ears and singing loudly about how it’s impossible to get a virus isn’t a valid tactic any more.

Thinking that now might be a good time for a quick cybersecurity review?

Dial A Geek already helps 968 businesses in Bristol and the local area know that they’re as safe as they possibly can be online.
