Severity scale: 94/100

MacRansom ransomware virus. How to remove? (Uninstall guide)

Removal by Gabriel E. Hall | Type: Ransomware

MacRansom virus might be the first Ransomware-as-a-Service that targets Mac OS

MacRansom is a malicious Ransomware-as-a-Service[1] virus that targets Mac operating systems and encrypts the files stored on them. The developer of the ransomware invites others to join his affiliate system for free and provides ransomware samples for free. It takes less than a minute for this virus to encrypt files on a victim's Mac. After encrypting the files, the virus creates a ransom note (._README_ file) that it displays on the screen, and demands 0.25 Bitcoin (approximately $700). The victims are asked to contact getwindows@protonmail.com for information on how to decrypt files. Instead of doing so, we suggest you start thinking about MacRansom removal.

Before launching the malicious payload, the ransomware performs several checks: it determines whether it is being run in a Mac environment, whether it is being debugged, and whether the machine has two CPUs. Following that, the virus creates a launch point, ~/LaunchAgent/com.apple.finder.plist, and then copies the ransomware executable to ~/Library/.FS_Store. The virus purposely uses the original (or similar) names of legitimate files to avoid detection. It also manipulates the timestamps to confuse investigators. Finally, the virus uses launchctl to load the com.apple.finder.plist file it created. The virus checks the trigger time and, if the condition is met, starts the encryption process. After encrypting all of the victim's files, the ransomware encodes its own files, changes their timestamps and then removes them from the system.
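A quick way to check a user account for the persistence artifacts described above, as an added example that is not part of the original guide. The function name `scan_macransom` is hypothetical; it also checks `~/Library/LaunchAgents`, the standard per-user launch agent directory on macOS, on the assumption that the path given above abbreviates it.

```shell
#!/bin/sh
# Added example: look for the MacRansom persistence artifacts named in the article.
# Usage (after sourcing this file): scan_macransom "$HOME"
# File timestamps are deliberately ignored, because the article says the
# malware alters them.

scan_macransom() {
    home=${1:-$HOME}
    hits=0

    # Paths as the article gives them, plus the standard per-user
    # LaunchAgents directory (assumption: the article's path abbreviates it).
    for f in \
        "$home/LaunchAgent/com.apple.finder.plist" \
        "$home/Library/LaunchAgents/com.apple.finder.plist" \
        "$home/Library/.FS_Store"
    do
        if [ -e "$f" ]; then
            echo "FOUND artifact: $f"
            hits=$((hits + 1))
        fi
    done

    # Heuristic: any per-user launch agent that references the hidden
    # executable name, whatever the plist itself is called.
    # grep -a treats binary plists as text so the ASCII path still matches.
    for dir in "$home/LaunchAgent" "$home/Library/LaunchAgents"; do
        [ -d "$dir" ] || continue
        for p in "$dir"/*.plist; do
            [ -f "$p" ] || continue
            if grep -aq '\.FS_Store' "$p"; then
                echo "FOUND reference to .FS_Store in: $p"
                hits=$((hits + 1))
            fi
        done
    done

    echo "$hits indicator(s) found under $home"
    [ "$hits" -eq 0 ]   # return 0 when clean, 1 when something was found
}
```

A clean result does not rule out infection, since the article notes that the ransomware removes its own files after encryption.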

The ransomware uses symmetric encryption, which in typical cases makes files easier to decrypt; however, we do not recommend paying the ransom if your Mac has been infected. It turns out that the ransomware doesn't communicate with a C&C server[2], which means the criminals won't have a copy of the key. However, since the key is only 8 bytes long, it might be possible to brute-force it. So if you have been hit by this Mac ransomware, we suggest you remove MacRansom from the OS using Plumbytes Anti-Malware or Norton Internet Security software and check the available data decryption methods explained at the end of this post.

Distribution methods

Ransomware-as-a-Service is distributed by affiliates who decide to partner with the ransomware developer. Currently, it is being distributed via email spam, although we believe that attackers might be trying to inject the virus into unsecured websites or distribute it alongside untrustworthy or illegal software for Macs. The developer of MacRansom, however, suggests moving the malicious virus to a USB drive, using it to transfer the malicious file onto a target system, and manually launching it. It goes without saying that this is a much slower and more dangerous way to distribute this malicious virus. The ransomware developers promise to give their affiliates 70% of all collected ransoms, keeping 30% for themselves.

Remove MacRansom from Mac OS

If you want to continue using your Mac, we highly recommend that you remove the remains of the MacRansom virus using a powerful malware removal tool. You must use software that is compatible with Macs. Our suggestion is to use Plumbytes Anti-Malware or Norton Internet Security software. Do not delay MacRansom removal; delete it as soon as you can, because keeping the malware on your system poses a threat to your privacy and opens security vulnerabilities that can be exploited by other malicious actors. Once you have run the anti-malware program and let it delete the malicious files for you, use the given guidelines to decrypt your data.


To remove MacRansom virus, follow these steps:

Bonus: Recover your data

The guide presented above is supposed to help you remove MacRansom from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

To recover your data, please be patient – ransomware analysts are about to release MacRansom decryption tools shortly. In the meantime, you can restore part of your files from data backup. Before importing any external files, remove the malware using anti-malware software that is compatible with Mac OS.

If your files are encrypted by MacRansom, you can use several methods to restore them:

MacRansom decrypter isn't available yet

However, it doesn't mean that you should pay the ransom. It is unlikely that scammers will help you to restore encrypted files anyway.
