Bitcoin Ransomware Education – Patcher

New types of ransomware continue to pop up in 2017, even though some of them do things a bit differently. Patcher, a new ransomware discovered by Trend Micro security researchers, is designed specifically to target macOS users. In most cases, criminals steer away from macOS because it is far less commonly used than Windows, but this malware takes a different approach.

A Look At The Patcher Ransomware

It’s not often that a new type of ransomware is discovered that targets an operating system other than Windows or Android. Patcher is one of these rare exceptions: for some unknown reason, it aims at macOS users. As one would expect, the malware in question is distributed through popular file-sharing channels. In this case, Patcher is distributed over the BitTorrent protocol, which is used by many people all over the world.

To be more precise, Patcher disguises itself as a “cracker” for popular paid software. Microsoft Office and Adobe Premiere Pro are two examples of paid software which are often pirated. To pirate them, users need a cracking tool that bypasses the validation procedures meant to ensure the user is running a legitimate version of the software on their computer. Once a user downloads the Patcher-laden “cracker” over the BitTorrent protocol and executes the file, they will see a pop-up window asking for permission to start the patching process.

Do not be mistaken in thinking this is a legitimate tool, though, as the Patcher ransomware will start encrypting computer files once the user hits the “start” button in the pop-up window. In a way, users give Patcher permission to encrypt their files, which is a rather unique way of going about things. All files will be encrypted using a random 25-character string. Moreover, users will receive clear instructions on how to decrypt their files, as well as guidelines for making the 0.25 Bitcoin payment.


Paying the ransom is never the solution to these types of infections, though. Even if the payment is made successfully, there is no guarantee the criminals will send the decryption key to the victim. In fact, researchers discovered that the code responsible for communicating with the command-and-control server is utterly broken. The criminals are effectively unable to provide the decryption key to victims, as there is no line of communication between the two parties. This seems to indicate Patcher’s developers are rather new to ransomware.

Even though this may make Patcher seem like less of a threat, that is far from the case. Just because users can’t get their decryption key does not mean the ransomware is rendered useless. It is more than capable of executing the payload successfully and encrypting all of the files found on the computer. The bigger problem is getting rid of the infection once the damage has been done, as paying the bitcoin amount will not make a difference by any means.

It is unclear if this means we will see more types of crypto ransomware deliberately targeting non-Windows computer systems, though. Security researchers have noticed a few different types of malware emerging in recent months, although the numbers are not alarmingly high by any means. Criminals will do everything they can to make money by exploiting vulnerable computers and mobile devices. macOS users often have more expensive computers, which can make them a valuable target for hackers and other cyber criminals moving forward.


JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.
