The malicious installer was found available for download on a Russian forum with torrent links.

According to Reed, the malware undoubtedly resides in other illegal copies of software or their installation files.

However, this installer was a simple Apple installer package with a generic icon.

Worse, the installer package was pointlessly distributed inside a disk image file, Reed said.

It then removes itself from the /Users/Shared/ folder and launches the new copy.

Finally, it launches the Little Snitch installer.

According to Malwarebytes, there is currently no information about the existence of a decryption key.

Researchers are still investigating what encryption ThiefQuest uses to encrypt its victims' files and how it can be cracked.

The best way of avoiding the consequences of ransomware is to maintain a good set of backups.

I personally have multiple hard drives for backups.

I use Time Machine to maintain a couple, and Carbon Copy Cloner to maintain a couple more.

Source: Malwarebytes

source: www.techworm.net