macOS ransomware hittat på fältet

Ett nytt ransomware-program SK,rivet för macOS har hittat på fältet/nätet. Programmet, Patcher, krypterar dina filer och gör dem helt obrukbara i i skrivande stund finns det ingen möjlighet att återställa informationen.

Programmet utger sig för att vara en “Patch”, en fix för att knäcka populära program så som Adobe Photoshop, Microsoft Office och andra program. 

Then the ransomware generates a random 25-character string to use as the key to encrypt the files. The same key is used for all the files, whoch are enumerated with the find command line tool; the zip tool is then used to store the file in an encrypted archive.
Finally, the original file is deleted with rm and the encrypted file’s modified time is set to midnight, February 13th 2010 with the touch command. The reason for changing the file’s modified time is unclear. After the /Users directory is taken care of, it does the same thing to all mounted external and network storage found under /Volumes.

Skriver säkerhetsföretaget Eset i sin genomgång och analys av Patcher.

Aktiveras programmet och filerna krypteras så är informationen, dokumenten, bilder och annat helt obrukbara. Filen krypteras och sedan raderas originalfilen och ett textmeddelande lämnas till användaren.

NOT YOUR LANGUAGE? USE https://translate.google.com

What happened to your files ?
All of your files were protected by a strong encryption method.

What do I do ?

So , there are two ways you can choose: wait for a miracle or start obtaining BITCOIN NOW! , and restore YOUR DATA the easy way
If You have really valuable DATA, you better NOT WASTE YOUR TIME, because there is NO other way to get your files, except make a PAYMENT

FOLLOW THESE STEPS:
1) learn how to buy bitcoin https://en.bitcoin.it/wiki/Buying_Bitcoins_(the_newbie_version)
2)send 0.25 BTC to 1EZrvz1kL7SqfemkH3P1VMtomYZbfhznkb
3)send your btc address and your ip (you can get your ip here https://www.whatismyip.com) via mail to rihofoj@mailinator.com
4)leave your computer on and connected to the internet for the next 24 hours after payment, your files will be unlocked. (If you can not wait 24 hours make a payment of 0.45 BTC your files will be unlocked in max 10 minutes)

KEEP IN MIND THAT YOUR DECRYPTION KEY WILL NOT BE STORED ON MY SERVER FOR MORE THAN 1 WEEK SINCE YOUR FILE GET CRYPTED,THEN THERE WON'T BE ANY METHOD TO RECOVER YOUR FILES, DON'T WASTE YOUR TIME!

There is one big problem with this ransomware: it doesn’t have any code to communicate with any C&C server. This means that there is no way the key that was used to encrypt the files can be sent to the malware operators.
This also means that there is no way for them to provide a way to decrypt a victim’s files. Paying the ransom in this case will not bring you back your files. That’s one of the reasons we advise that victims never pay the ransom when hit by ransomware.