Researchers on Friday began warning of MacRansom, a new and free macOS-based ransomware as a service (RaaS) that’s been making the rounds over the past several weeks.

It leverages a portal hosted on the Tor network, but attackers looking for the malware won’t find it there. Interested parties need to contact the ransomware’s creators directly, via a secure ProtonMail email address, to build the ransomware.

Rommel Joven and Wayne Chin Yick Low, two researchers with Fortinet’s FortiGuard Lion Team, did just that and described what they found in a blog entry Friday.

What the researchers received back was an email from security researchers, purportedly former engineers at Yahoo and Facebook, who said they had a knack for creating Mac malware.

“We believed people were in need of such programs on macOS, so we made these tools available for free. Unlike most hackers on the darknet, we are professional developers with extensive experience in software development and vast interest in surveillance,” the email reads. “You can depend on our software as billions of users world-wide rely on our clearnet products.”

The researchers went back and forth with the creators on details such as the Bitcoin amount a target would pay, the Bitcoin address, when the ransomware could be triggered, and if it could be executed via USB.

According to Joven and Chin Yick Low, who eventually received a .zip file of the ransomware and carried out an analysis, a prompt pops up informing the user the program is from an unidentified developer. Clicking open in this instance allows the ransomware to run. As long as users don’t open it – or any files from unknown developers – they’d seemingly be safe, they write.

Once the malware is initiated, the researchers claim it determines whether it’s being run in a non-Mac environment or if it’s being debugged. If it’s not, the ransomware uses symmetric encryption with a hardcoded key to encrypt victims’ files, and stops after it has encrypted 128 files.

Below is the ransomware’s file path denoted by %:

Because of the algorithm the malware uses, the researchers say they’re skeptical that files infected by the ransomware can be decrypted. The ransomware asks the victim for a quarter (.25 BTC) Bitcoin, roughly $700, and tells them to contact another ProtonMail address to decrypt their files, but researchers say it’s unclear if that’s even possible.

After reverse engineering its encryption/decryption algorithm, Joven and Chin Yick Low noticed that TargetFileKey – something that would be key to decrypting files – is permuted with a randomly generated number.

“In other words, the encrypted files can no longer be decrypted once the malware has terminated – the TargetFileKey will be freed from program’s memory and hence it becomes more challenging to create a decryptor or recovery tool to restore the encrypted files,” the researchers wrote. “Moreover, it doesn’t have any function to communicate with any C&C server for the TargetFileKey meaning there is no readily available copy of the key to decrypt the files.”
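The key-lifecycle argument the researchers make (a hardcoded key permuted with a random number, the resulting TargetFileKey freed when the process exits, and no C&C copy) is the reason a generic decryptor is unlikely and the reason an incident responder's only recovery window is a memory capture taken while the process is still alive. The following is an added Python model of that argument; it is not the researchers' code and not MacRansom's. It assumes XOR as the permutation (the article does not say which one is used), a SHA-256 counter-mode keystream as a stand-in for the unpublished symmetric cipher, a constructed placeholder for the hardcoded key, and the 128-file cap from the article.

```python
import hashlib
import secrets

# Constructed placeholder: the real hardcoded key is not published in the article.
HARDCODED_KEY = bytes(range(32))


def derive_target_file_key(hardcoded_key: bytes, random_number: bytes) -> bytes:
    """TargetFileKey = hardcoded key "permuted with a random generated number".
    The article does not say which permutation is used; XOR is assumed here."""
    assert len(hardcoded_key) == len(random_number)
    return bytes(a ^ b for a, b in zip(hardcoded_key, random_number))


def keystream(key: bytes, length: int) -> bytes:
    """Stand-in symmetric cipher: SHA-256 in counter mode (assumed, not the real cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation) with the stand-in stream cipher."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def run_ransomware_model(files: dict, max_files: int = 128, rng=secrets.token_bytes):
    """One run of the process as the article describes it: derive TargetFileKey,
    encrypt at most max_files files, then terminate.
    Returns (encrypted files, the key as a live-memory image would hold it)."""
    random_number = rng(len(HARDCODED_KEY))
    target_file_key = derive_target_file_key(HARDCODED_KEY, random_number)
    encrypted = {}
    for name, data in list(files.items())[:max_files]:
        encrypted[name] = xor_crypt(target_file_key, data)
    # What a memory capture taken while the process is still running would contain.
    live_memory_snapshot = bytes(target_file_key)
    # Process terminates: the key is freed and no copy was ever sent to a C&C server.
    del target_file_key, random_number
    return encrypted, live_memory_snapshot


def attempt_recovery(encrypted: dict, candidate_key: bytes) -> dict:
    """Decrypt every file with whatever key the responder has."""
    return {name: xor_crypt(candidate_key, blob) for name, blob in encrypted.items()}


def recovery_outcomes(files: dict) -> dict:
    """Compare recovery with the hardcoded key alone (what static analysis of the
    binary yields) against recovery with a key captured from live memory."""
    encrypted, live_key = run_ransomware_model(files)
    touched = {name: files[name] for name in encrypted}
    return {
        "files_encrypted": len(encrypted),
        "hardcoded_key_recovers": attempt_recovery(encrypted, HARDCODED_KEY) == touched,
        "live_key_recovers": attempt_recovery(encrypted, live_key) == touched,
    }


if __name__ == "__main__":
    # Constructed sample: 130 small in-memory "files", so the 128-file cap is visible.
    sample = {f"doc{i}.txt": f"constructed contents {i}".encode() for i in range(130)}
    print(recovery_outcomes(sample))
```

The model's takeaway for a responder is in the last two flags: the hardcoded key extracted from the binary decrypts nothing on its own, while the key read from a memory image of the still-running process decrypts everything it touched. That is why a live memory acquisition should precede killing the process, and why the ransom note's promise of decryption cannot be verified from the sample.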