U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Mac users enjoy, FindZip macOS Ransomware decryption tool is available online for free

Great news for macOS users who were infected by the FindZip macOS ransomware, Avast released a decryption tool for free. Good news for macOS users who were infected by the FindZip ransomware, now a decryption tool was released online for free. The FindZip macOS ransomware was spotted last month by researchers at ESET, it is […]

Mac users enjoy, FindZip macOS Ransomware decryption tool is available online for free

Great news for macOS users who were infected by the FindZip macOS ransomware, Avast released a decryption tool for free.

Good news for macOS users who were infected by the FindZip ransomware, now a decryption tool was released online for free.

The FindZip macOS ransomware was spotted last month by researchers at ESET, it is tracked as OSX/Filecoder.E.

The ransomware, written in Swift, was distributed via BitTorrent distribution sites and calls itself “Patcher”, ostensibly an application for pirating popular software.FindZip ransomware OSX/Filecoder.E MAC OS ransomware,

The first release was not complete, the victims were not able to recover their files, even if they pay the ransom.

For this reason, security experts were inviting victims of the ransomware to avoid paying the ransom.

Due to coding errors, the malicious code was destroying the encryption key before sending them to the command and control server.

FindZip was born after an update to Apple’s XProtect signatures started calling it FindZip soon after. The new threat masquerades itself as cracks for Adobe Premier Pro and Microsoft Office, and also feature signed certificates.

The number of ransomware developed to target macOS user is low, FindZip is the second strain of malware designed with this purpose.

The excellent news is that victims of the FindZip macOS ransomware now have the opportunity to recover their files for free thanks to the experts at the security firms Malwarebytes and Avast.

A couple of weeks ago, experts from Malwarebytes Labs researchers published the instructions to restore data encrypted by the FindZip macOS ransomware.

The procedure uses the following elements:

  1. Xcode or TextWrangler
  2. Xcode command-line tools
  3. pkcrack source code
  4. One unencrypted file and the corresponding encrypted file

The process also requires a second account on the infected.

The process has been automated later by experts from Avast who developed the FindZip decryption tool. Victims can decrypt their files on either a Mac or a Windows machine by using the tool.

MalwareByte already published a technical analysis of FindZip, as well as a description of the decryption process. However, because the instructions described by MalwareBytes may be complicated for some, we created a more user friendly decryption application.” reads a blog post published by AVAST.

“The FindZip decryption tool is available on our free ransomware decryption tools page, along with all of our ransomware decryption tools.”

The tool was successfully tested on macOS 10.10 (Yosemite) and macOS 10.12 (Sierra).

Victims that decide to copy the encrypted files from their infected Mac to a Windows system, using the Avast decryptor should be straightforward and they don’t need to install any other software.

The researchers explained that on Mac or Linux, the users need an emulation layer for Windows and the tool works with CrossOver and Wine. The researchers at Avast confirms that other emulation programs might work as well.

Victims have to install a windowing system for Mac, such as XQuartz, which allows the execution of Wine for Mac.

Important note: If you already had Wine installed prior to being infected with the  ransomware, the entire Wine configuration is probably encrypted. In that case, you need to delete the folder \Users\<YourUserName>\.wine before running the decryptor application.” continues the post.

Enjoy the tool!

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – FindZip macOS ransomware, malware)