
Govt Warns Apple Laptop Users In India About ‘ThiefQuest’; Know The Details

New Delhi: The Indian Computer Emergency Response Team (CERT-In) has issued an advisory alerting users of Apple MacBook, iMac and other macOS systems to a new ransomware family called ThiefQuest, which has been spreading since last month.

This new ransomware, also known as EvilQuest, encrypts files on macOS and spies on infected systems. CERT-In has also listed steps users can take to protect themselves.

Here are the details about the new macOS ransomware and how you can stay safe:

a) ThiefQuest not only encrypts files on the system but also installs a keylogger and a remote shell, and steals cryptocurrency wallet-related files from infected hosts, according to a Gadgetsnow report.

b) Because the attacker keeps a foothold on the machine, the ransomware continues to spy on victims even after they have paid the ransom to unlock their files: the attacker can still exfiltrate files and keystrokes. It is distributed as trojanized copies of legitimate applications, such as Little Snitch, Ableton and Mixed In Key, posted on torrent websites.

c) ThiefQuest downloads additional Python scripts disguised as GIF files and runs them. If a file matches the script's search criteria, its contents are base64-encoded and sent to the command-and-control (C&C) server. Targeted files include text files, images, Word documents, SSL certificates, code-signing certificates, source code, projects, backups, spreadsheets, presentations, databases and cryptocurrency wallets.

d) The attackers do not provide any email address to contact them for decryption after the ransom has been paid. “This makes it impossible for attackers to identify victims who have paid ransom. This leads to the suspicion that ransomware may be used for spying and other malicious activity,” CERT-In was quoted as saying.

e) Ransomware generally targets common file types. Keep regular backups of all critical information on a separate device, and store those backups offline. Disable remote access whenever it is not in use.

f) Restrict execution of PowerShell and WScript in enterprise environments, and publish a Sender Policy Framework (SPF) record for your domain. Block binaries running from the %APPDATA% and %TEMP% paths by whitelisting applications or strictly enforcing Software Restriction Policies (SRP). Note that PowerShell, WScript, %APPDATA%, %TEMP% and SRP are Windows controls; they come from CERT-In's general ransomware guidance and do not apply to macOS hosts.

g) Segment the network into security zones to protect sensitive information and critical services, and install ad blockers.
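The exfiltration behaviour described in item (c), whole files base64-encoded and posted to a C&C server, can be spotted from proxy or egress logs without any malware-specific indicator. The script below is an added example written for this article, not code from CERT-In or from the ThiefQuest analysis: it decodes POST bodies that consist of a single base64 blob and checks whether the decoded bytes begin with the header of one of the file kinds the advisory lists (PEM certificates, Office documents, PDFs, SQLite databases, images). The log records and "files" are constructed for illustration, and the record field names (ts, method, dst, body) and the set of signatures are assumptions.

```python
"""Heuristic detector for the exfiltration pattern described in the advisory:
whole files base64-encoded and POSTed to a command-and-control server.

Added example, not part of the CERT-In advisory. The log records below are
constructed for illustration; the field names (ts, method, dst, body) and the
signature list are assumptions, not anything taken from the malware."""
import base64
import binascii
import re

# File kinds the advisory lists as targets, identified by their leading bytes.
# Ordered so the specific PEM certificate header is tested before the generic one.
SIGNATURES = [
    (b"-----BEGIN CERTIFICATE-----", "pem certificate"),
    (b"-----BEGIN ", "pem key or certificate"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip container (docx/xlsx/pptx)"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "legacy office (doc/xls/ppt)"),
    (b"SQLite format 3\x00", "sqlite database"),
    (b"\x89PNG\r\n\x1a\n", "png image"),
    (b"\xff\xd8\xff", "jpeg image"),
]

B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
MIN_B64_LEN = 64  # ignore short tokens such as session ids


def decode_if_base64(body):
    """Return the decoded bytes if body is one base64 blob, else None."""
    compact = "".join(body.split())
    if len(compact) < MIN_B64_LEN or len(compact) % 4 or not B64_RE.match(compact):
        return None
    try:
        return base64.b64decode(compact, validate=True)
    except binascii.Error:
        return None


def classify(data):
    """Map decoded bytes to one of the listed file kinds, or None."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return None


def scan(records):
    """Return (ts, dst, kind, size) for each POST body that decodes to a listed file kind."""
    hits = []
    for rec in records:
        if rec["method"] != "POST":
            continue
        data = decode_if_base64(rec["body"])
        if data is None:
            continue
        kind = classify(data)
        if kind:
            hits.append((rec["ts"], rec["dst"], kind, len(data)))
    return hits


# Constructed sample "files" and egress log records (not real traffic).
_PEM = b"-----BEGIN CERTIFICATE-----\n" + b"A" * 64 + b"\n-----END CERTIFICATE-----\n"
_DOCX = b"PK\x03\x04" + b"\x00" * 96
_PDF = b"%PDF-1.4\n%constructed\n" + b"\x00" * 64

SAMPLE_RECORDS = [
    {"ts": "2020-07-01T10:22:13Z", "method": "POST", "dst": "198.51.100.7",
     "body": base64.b64encode(_PEM).decode()},
    {"ts": "2020-07-01T10:22:14Z", "method": "POST", "dst": "198.51.100.7",
     "body": base64.b64encode(_DOCX).decode()},
    {"ts": "2020-07-01T10:22:15Z", "method": "POST", "dst": "198.51.100.7",
     "body": base64.b64encode(_PDF).decode()},
    # Benign: a JSON body, a short token on a GET, and base64 of plain text
    # with no file header. None of these should be flagged.
    {"ts": "2020-07-01T10:23:00Z", "method": "POST", "dst": "203.0.113.10",
     "body": '{"event": "heartbeat", "host": "mac-01"}'},
    {"ts": "2020-07-01T10:23:01Z", "method": "GET", "dst": "203.0.113.10",
     "body": "dGVzdA=="},
    {"ts": "2020-07-01T10:23:02Z", "method": "POST", "dst": "203.0.113.10",
     "body": base64.b64encode(b"plain status text " * 8).decode()},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_RECORDS):
        print("suspect exfil: ts=%s dst=%s kind=%s bytes=%d" % hit)
```

Run against the constructed records, the three POSTs to 198.51.100.7 are reported as a PEM certificate, a zip container and a PDF, while the heartbeat JSON, the short token and the base64-wrapped plain text are ignored. Cryptocurrency wallet files have no single reliable header, so a real deployment would add a size or destination-reputation heuristic for those rather than rely on magic bytes alone.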

OB Bureau
