How to Avoid New Mac Ransomware EvilQuest
One of the latest pieces of Mac malware to keep in mind is the devastating ransomware known as “EvilQuest.”
Good news? Right now, it is mostly distributed through pirated Mac software, so if you didn’t steal the software, you have nothing to worry about. Malwarebytes reports that the ransomware is present in fake installers for at least two different applications: Little Snitch and Mixed in Key 8. Malwarebytes has also found evidence of a fake installer for Ableton Live, and there may be others.
Unlike the legitimate Little Snitch and Mixed in Key 8 install files, which have official logos and are properly packaged, the ransomware counterfeits share a generic installer package icon and arrive as an unrelated disk image. While examining the contents of the installer that contains EvilQuest, Malwarebytes also found a suspicious “patch” file and found that the installer did not have the proper code signing certificates (a digital signature that confirms that the file came from a trusted source).
Like other ransomware, EvilQuest encrypts files on your device (including attached hard drives and external storage) and locks you out. The only way to regain access to your files is to pay the hacker a ransom, usually through bitcoin transactions or anonymous money order. There is often a deadline for a ransom payment, after which your files will be permanently locked or even deleted. EvilQuest gives infected users three days to pay before their files are permanently locked.
How to keep your Mac safe from EvilQuest
Ransomware is scary, but avoidable. Piracy is a common vector for deploying malware of all kinds, because pirated software and media often come in modified formats or unorthodox files, which lets unsuspecting users overlook the rather clear signs that they have downloaded something fake.
This is why it is safest to avoid piracy altogether. You will avoid malware infection and will not break the law. Plus, by actually buying apps and media, you are supporting the creators to keep working.
However, this does not mean that malware cannot hide in regular applications that you download from the Internet. Make sure to check the comments or forum discussions about new apps you hear about, or even run a cursory Twitter search before installing anything you’ve stumbled across online, to make sure no one is reporting any problems.
Skip anything you can’t get a clear answer about and take a close look at the ones you do download. The simplest solution is to use reliable antivirus and anti-malware applications to detect malicious files before downloading or installing them. As for EvilQuest, Malwarebytes says it will identify and remove the ransomware before it can infect your Mac, and you can run a basic scan for free with the Malwarebytes app.
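The missing code signature that Malwarebytes noted in the fake installers can be checked on any download before you open it. The script below is an added example, not part of the original article; it uses the macOS tools pkgutil, codesign and spctl, and the function name check_download and the sample path are assumptions made for illustration.

```bash
#!/bin/bash
# Added example (not from the original article): check a download's code
# signature on macOS before opening it. An installer without a proper
# signature, like the fakes described above, fails these checks.
# check_download returns 0 = signed and accepted by Gatekeeper,
# 1 = unsigned, invalid or rejected, 2 = missing file or unsupported type.

check_download() {
    item="$1"
    if [ ! -e "$item" ]; then
        echo "not found: $item"
        return 2
    fi
    case "$item" in
        *.pkg|*.mpkg)
            # Installer packages: pkgutil validates the signature,
            # spctl asks Gatekeeper whether it would allow the install.
            sig=$(pkgutil --check-signature "$item" 2>&1) || {
                echo "FAIL (no valid signature): $item"; return 1; }
            spctl --assess --type install "$item" >/dev/null 2>&1 || {
                echo "FAIL (rejected by Gatekeeper): $item"; return 1; }
            ;;
        *.app)
            # App bundles: codesign verifies the seal over the bundle contents.
            codesign --verify --deep --strict "$item" >/dev/null 2>&1 || {
                echo "FAIL (no valid signature): $item"; return 1; }
            spctl --assess --type execute "$item" >/dev/null 2>&1 || {
                echo "FAIL (rejected by Gatekeeper): $item"; return 1; }
            # Authority= lines name the certificates that signed the app.
            sig=$(codesign -dvv "$item" 2>&1 | grep '^Authority=') ||
                sig="(signer not listed)"
            ;;
        *)
            # For a disk image, mount it and check the .pkg or .app inside.
            echo "unsupported type: $item"
            return 2
            ;;
    esac
    echo "PASS: $item"
    # Show who signed it so the name can be compared with the real vendor.
    echo "$sig"
    return 0
}

# Usage: ./check_download.sh ~/Downloads/SomeInstaller.pkg
for f in "$@"; do
    check_download "$f"
done
```

A pass only shows that the file is signed and accepted by Gatekeeper, so compare the signer name it prints with the real vendor of the app.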
You should also have multiple system backups in case something goes wrong and you need to perform a clean install and restore old files – whether due to malware or other issues such as errors, hardware failures, or lost / stolen devices. It’s wise to store multiple backups in different locations, including cloud drives, device storage, and external storage. Just make sure external drives are disconnected when not backing up so that they are not encrypted by ransomware.
What to do if you are infected
Preventive measures should be enough to keep your computer safe, but if you find yourself infected with EvilQuest ransomware, don’t panic: if you have secure backups of your files, you can (probably) restore them without paying. Try to remove the ransomware using Malwarebytes or other antivirus software. If your device is already locked and anti-malware apps aren’t working, try performing a factory reset and then restoring your old files from a clean backup.