Ransomware is the most dangerous malware nowadays. Ransomware starts encrypting all files as soon as they reach into system. Then it left a readme.txt file asking money if the user wants to decrypt. Actually, it is not sure to get key even after sending money.
Ransomware are mostly found in Windows device but now they start to target MacOS. EvilQuest ransomware was found in a Russian forum. It was found inside the app named ‘LittleSnitch’ and give a Torrent link to download that app.
After downloading, it includes PKG installer and post-install script inside PKG file will run after installing the app. After installing the app, evilquest will stay inside littlesnitch folder with the name ‘CrashReporter’ which is the name of normal process in MacOS. Hence user will not recognize the file.
EvilQuest will not start working as soon as it enters the device so that user will not know which app includes the script. After a certain period, it starts to encrypt all files.
To decrypt the ransomware is rather difficult and also depends upon the luck. Now, there’s no certain way to decrypt EvilQuest.
To prevent Ransomware, you should follow these.
- do not use pirate app.
- make backup regularly.
- do not always plug in back up device.