5/5/2023

Pather web

After discussing the rise of ransomware targeting non-Windows systems in early February, further proof of this diversification emerged with the discovery of Patcher (detected by Trend Micro as OSX_CRYPPATCHER.A), a ransomware variant that targets macOS users.

Patcher, which is downloaded via BitTorrent, masquerades as a patcher for popular applications such as Microsoft Office and Adobe Premiere Pro. Once downloaded, the files in the folder display fake applications using the “Patcher” label. When any of these files are run, a window will pop up displaying a fake patching screen.

Once initiated, the Patcher ransomware will begin to encrypt files using a random 25-character string as its encryption key. It will encrypt files found in /Users directories as well as files on mounted and external storage under /Volumes directories. A ransom note asking for 0.25 BTC, or approximately $300, will also be dropped onto the user’s system.

However, even if the malware’s victims manage to pay the ransom, their files will still suffer irreparable damage due to a serious flaw in the ransomware: the code for communicating with its command and control servers is broken. This flaw means that even the ransomware’s perpetrators will be unable to supply a method for decrypting the victim’s files. It can be surmised that Patcher’s authors are relatively inexperienced due to the ransomware’s erroneous coding.