A dangerous malware has been locking down macOS devices, stealing data and deleting important files. The ransomware was initially being referred to as EvilQuest, but has now been more aptly titled ThiefQuest because of how it robs files and attempts to blackmail the user into compensating the perpetrators (via TechRadar)
If the user does not pay up within the allotted amount of time, ThiefQuest completely bricks the system and deletes every valuable file they gained access to.
As a result of this malware appearing around the web, it's important to be careful with your macOS at this time. Becoming one of ThiefQuest's victims would be awful, but thankfully, there might be a solution.
- How to take a timed or delayed screenshot in macOS
- How to permanently unhide the User Library folder in macOS
- Nasty Mac ransomware discovered: How to protect your MacBook
How to save your files
For those affected, ThiefQuest expects users to cough up $50 within 72 hours, or else the program will swiftly delete any files it has taken hold of. In general, "the malware exhibits multiple behaviors, including file encryption, data exfiltration and keylogging," Reaves wrote in the SentinelOne report.
The security report claims ThiefQuest isn't as complex or scary as it might have seemed because the decryption tool was never removed from the attacker's program. This meant that reversing the damage wasn't particularly challenging.
For those who have become victims to ThiefQuest, feel free to download SentinelOne's free decryption tool. This is intended to free your files from ransom and protect against the malware's simplistic coding tool.