Macintosh users have been relatively safe from ransomware attacks so far. Criminals often target Windows users, as it is the most commonly used operating system. That situation changes where Filecode ransomware is concerned. This malware attacks Macintosh users all over the world, yet it is less of a threat than people think. There is a way to get rid of Filecode free of charge, rather than paying the bitcoin ransom.
SophosLabs security researchers came across this new malware last week. It is not surprising to learn criminals are creating new tools to cause havoc all over the world. With most computer systems vulnerable to exploits and hacking, criminals have their pick of targets. Interestingly enough, Macintosh users remained safe from most of these attacks. Or that was the case, until a few weeks ago.
Filecode Ransomware is Troubling But Not Dangerous
It is evident Filecode is written for Mac users by a Mac user. There is no other operating system variant of this ransomware to be found anywhere in the world. Most malware strains are “ported over” from Windows or Linux, yet that is not the case with this type of ransomware. It appears Filecode is written in the Swift programming language, which was developed by Apple itself.
Thankfully, Filecode poses much less of a threat than first anticipated. Although dealing with ransomware is no laughing matter, it appears the developers made some critical mistakes. First of all, their method of distribution is somewhat lackluster. The malware is embedded in tools designed to crack commercial software. So far, no infections have been detected as a result of these tools.
Additionally, the ransomware requires built-in macro tools to help scramble files. Oddly enough, the source code of this malware does not use these tools properly, rendering the ransomware rather ineffective. Plus, the encryption algorithm used to scramble files is not all that advanced either. Instead, it is easy to crack as long as victims have an original unencrypted copy of an affected file.
Whenever somebody gets infected with ransomware, paying the bitcoin demand should only be seen as a last resort. In the case of Filecode, paying is not a straightforward matter: the criminals responsible for this malware strain failed to keep a copy of the random encryption key for each victim. That is a rookie mistake, to say the least. It is evident the person responsible for this software is not entirely sure what he or she is doing.