EvilQuest – Why You Always Need Virus and Ransomware Protection – Yes, Even if You Use a Mac!

There’s a pervading myth that you don’t need to worry about viruses if you use an Apple device. This has never been true, but today, it’s more untrue than ever.

There are two main reasons that Mac computers have seen an ongoing rise in malware that targets them specifically.

1) As Macs have increased in price, the individuals and businesses that can afford them have become even bigger targets. The thinking from hackers is: “if they can afford a Mac, they must be worth trying to extort”.

2) Everyone thinks Macs don’t get viruses, so they are more likely to have their guard down and much less likely to have any antivirus systems in place.

Unfortunately, there’s not much that can be done to tackle the first point, but Carden IT Services has you covered on the second one. We supply managed IT and cybersecurity services to all types of businesses – including those that use Macs!

We thought it best to remind everyone as there’s a new bit of Mac ransomware going around the internet and it’s a bad one.

EvilQuest (sometimes known as ThiefQuest) is a newly discovered piece of Mac malware that security researchers are warning about.

Versions of this malware have been discovered disguised as a Google Software Update and also in the installer for pirated versions of popular Mac software such as Ableton Live.

Like most ransomware, it begins to encrypt random files and then presents a screen to the user telling them to pay $50 to an anonymous bitcoin wallet.

Researchers quickly noted something odd, though: the “ransom note” contains no way to contact the attacker even if the payment is made. The reason for this? The ransomware is just a smokescreen for the malware’s real intention.

While the user is distracted by the ransomware component, EvilQuest is getting to work in the background. It covertly installs both a keylogger and a reverse shell onto the machine so that the hackers can steal sensitive information from the victim. Its final move is to attempt to steal any files with a variety of extensions, including:

.pdf, .doc, .jpg, .txt, .pages, .zip, .xsl, .xslx, .docx, .wallet & .dat

The risk for the victim is two-fold.

1) Unless they have kept up to date backups of all their files, they will lose any data in the encrypted files.

2) Any sensitive information contained in the stolen documents is now in the hands of the hackers, including any bank statements saved as PDFs, any private images saved as JPEGs or account information in Excel files. This leaves the victim open to further fraud or extortion attempts.

Sounds scary, we know – but the good news is that these sorts of threats can be, and already are being, defended against. Here are three of the tools that Carden IT Services LLC provides to help combat these types of threats.

1) Trend Micro
Trend Micro is an enterprise-grade antivirus tool. It prevents connection to malicious websites and has a built-in virus removal system to delete potentially harmful files. Trend Micro also features a “Folder Shield” which protects designated folders from external threats, including ransomware like EvilQuest.

2) Cisco Umbrella (formerly OpenDNS)
Ransomware attacks will start by making a connection between the hacker’s IP address and your own network. Cisco combats this by cross-referencing these connection requests with its expansive and regularly updated list of known malicious IP addresses.

This ransomware protection blocking is actually performed at the DNS level, so it is blocked before the connection is ever made.

3) Cybersecurity Awareness Training
In addition to training in which staff learn directly from our experts how to identify and avoid malware, malicious links and phishing emails, we also provide a randomised security testing service. Accurate simulations of genuine phishing emails are sent to randomly selected staff members. The data collected is then anonymised and collated so you can see:

– How many employees opened the emails.
– How many clicked on potentially malicious links.
– How many handed over personal or business information.

The users who were successfully duped by the emails are sent training videos which reinforce best practices around cybersecurity and teach them how to better spot a phishing email the next time (when it could be a genuine one). This process is done anonymously so as to avoid embarrassing employees who are taken in by the phishing tests.

We hope this article has shown you that a) Macs and Apple devices are not inherently safer from malware, and b) There are solutions available for Mac that are as powerful as those available for PC.

The tools mentioned above are just three of the options we have available to combat Mac-based malware. Speak to one of our team today to learn more.

Author: Jeremy Huson

Jeremy Huson is the founder and director of Carden IT Services LLC. He has nearly two decades of experience managing businesses’ IT networks and his areas of expertise are IT consultation and cybersecurity.