Researchers Make Decryptor For ThiefQuest Ransomware Publicly Available


ThiefQuest, also known as EvilQuest, recently made the news following its discovery. The ransomware specifically targets Mac devices. Thankfully, following continuous analysis by the cybersecurity community, a decryptor for ThiefQuest ransomware is now publicly available.

Decryptor For ThiefQuest Ransomware

Researchers from SentinelLabs have recently shared their analysis about the EvilQuest Mac ransomware.

Specifically, their report describes how they found weaknesses in the malware. They noticed that the ransomware uses the RC2 algorithm to encrypt data, while placing both the encryption and decryption keys inside every locked file.

Hence, reverse engineering the file encryption also allowed them to develop a decryptor for the ransomware.
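To illustrate the weakness described above, here is an added example that is neither SentinelLabs' decryptor nor ThiefQuest's real file layout: a constructed toy format in which the key is appended to each locked file, and a small decryptor that reads it back and restores the plaintext. AES-CTR from Go's standard library stands in for RC2, which the standard library lacks; the point is the key placement, not the cipher.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// Constructed toy layout (an assumption, not ThiefQuest's actual format):
//   magic(4) || nonce(16) || ciphertext(n) || key(16)
// Everything needed to decrypt the file is stored in the file itself.
var magic = []byte("LOCK")

const keyLen = 16

// lockFile mimics an encryptor that writes its own key into the output.
func lockFile(plain, key, nonce []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	ct := make([]byte, len(plain))
	cipher.NewCTR(block, nonce).XORKeyStream(ct, plain)
	out := append([]byte{}, magic...)
	out = append(out, nonce...)
	out = append(out, ct...)
	return append(out, key...), nil
}

// recoverKey is why a decryptor is possible: the key is read from the trailer.
func recoverKey(locked []byte) ([]byte, error) {
	if len(locked) < len(magic)+aes.BlockSize+keyLen || !bytes.HasPrefix(locked, magic) {
		return nil, errors.New("not a locked file")
	}
	return locked[len(locked)-keyLen:], nil
}

// unlockFile is the decryptor: parse the layout, pull the key, undo the cipher.
func unlockFile(locked []byte) ([]byte, error) {
	key, err := recoverKey(locked)
	if err != nil {
		return nil, err
	}
	nonce := locked[len(magic) : len(magic)+aes.BlockSize]
	ct := locked[len(magic)+aes.BlockSize : len(locked)-keyLen]
	block, _ := aes.NewCipher(key) // key length already validated by recoverKey
	plain := make([]byte, len(ct))
	cipher.NewCTR(block, nonce).XORKeyStream(plain, ct)
	return plain, nil
}

func main() {
	// Constructed sample input; the victim never needs the attacker's copy of the key.
	locked, _ := lockFile([]byte("quarterly report: confidential"), []byte("0123456789abcdef"), []byte("fedcba9876543210"))
	plain, err := unlockFile(locked)
	fmt.Printf("%q %v\n", plain, err)
}
```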

Fortunately, they have published this decryptor for ThiefQuest ransomware under the MIT license for public use.

Users can download the decryptor from this link when needed.

ThiefQuest Updates – More Findings

As the cybersecurity community continues analyzing the malware, more information about it has become available.

Recently, researchers from Malwarebytes Labs shared another report on ThiefQuest. In it, they explain why they believe ThiefQuest may not actually be ransomware.

Earlier, Patrick Wardle explained that he found the ransomware to contain keylogger and backdoor code. Such functionality is certainly not common in ransomware.

Moreover, analysis of the ransom note by Lawrence Abrams of Bleeping Computer revealed more peculiar details.

First, the ransomware demanded a very low ransom of just $50. Second, it gave no specific email address for victims to contact the attackers. Third, the attackers used the same bitcoin address in every ransom note, making it impossible to tell which victims had paid.

On top of all that, as Wardle's analysis showed, the ransomware code only contained a redundant decryption function. Nor does the malware encrypt files efficiently.

These findings suggest the ransomware is more of a data stealer, and the ransom note it drops after infection seems to be an attempt to distract the victim.

So, besides using the decryptor, what is recommended for ThiefQuest victims is to recall whatever sensitive data they had stored on their Mac devices and work out how to change it. For instance, if the affected data includes any passwords, change them; if it includes credit card details, cancel the cards.

Lastly, clean up the device and deploy security measures to remove the malware and prevent any re-infection.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
