
macOS 'ThiefQuest' ransomware found in the wild — here is a free solution


A dangerous piece of malware has been locking down macOS devices, stealing data and deleting important files. The ransomware was initially referred to as EvilQuest, but has now been more aptly titled ThiefQuest because of how it robs files and attempts to blackmail the user into compensating the perpetrators (via TechRadar).

If the user does not pay up within the allotted amount of time, ThiefQuest completely bricks the system and deletes every valuable file it gained access to.

With this malware appearing around the web, it's important to be careful with your macOS device at this time. Becoming one of ThiefQuest's victims would be awful, but thankfully, there might be a solution.

How to save your files

Jason Reaves at SentinelOne explains how ThiefQuest gets a hold of your files, how they were able to reverse it, and how victims can get their hands on the decryption tool.

For those affected, ThiefQuest expects users to cough up $50 within 72 hours, or else the program will swiftly delete any files it has taken hold of. In general, "the malware exhibits multiple behaviors, including file encryption, data exfiltration and keylogging," Reaves wrote in the SentinelOne report.

The security report claims ThiefQuest isn't as complex or scary as it might have seemed because the decryption tool was never removed from the attacker's program. This meant that reversing the damage wasn't particularly challenging.

For those who have become victims of ThiefQuest, feel free to download SentinelOne's free decryption tool. This is intended to free your files from ransom and protect against the malware's simplistic coding tool.