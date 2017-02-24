The ransomware was discovered by security vendor Eset on BitTorrent peer-to-peer distribution sites. It is written using Apple's Swift language and hides in files pretending to be cracked (unlocked) versions of popular software, such as Adobe Premiere Pro and Microsoft Office for Mac.

The Torrent contains a single ZIP file – an application bundle. It also has a transparent background that makes it difficult to spot and cannot be reopened if the window is closed.

Once executed, the malware encrypts both files in the /User directory and any files in the /Volumes (encrypting files on all mounted external and network storage).

Patcher then copies a file called README!.txt all around the user's directories such as “Documents” and “Photos”. Within these files are instructions asking the victim for a payment of 0.25 Bitcoin.

But, the ransomware is so poorly coded that there is no way for it to communicate with any C&C server. This means that there is no way the key that was used to encrypt the files can be sent to the malware operators.

“Paying the ransom in this case will not bring you back your files. That's one of the reasons we advise that victims never pay the ransom when hit by ransomware,” said Marc-Etienne M.Léveillé, malware researcher at Eset in a blog post.

“This new crypto-ransomware, designed specifically for macOS, is surely not a masterpiece. Unfortunately, it's still effective enough to prevent the victims accessing their own files and could cause serious damage.”

The firm recommended that users avoid pirated software and have a current, offline, backup of all your important data.

This article originally appeared at scmagazineuk.com