MacOS ransomware is not common in the threat landscape; this is only the second such malware discovered by security experts, after researchers spotted the KeRanger threat in March 2016. The OSX/Filecoder.E MacOS ransomware masquerades as a cracking tool for commercial software such as Adobe Premiere Pro CC and Microsoft Office for Mac. The fake cracking tool is being distributed as a BitTorrent download.

The malware researchers noted that the ransomware is written in Apple's Swift programming language and appears to be the work of a novice Vxer. The MacOS ransomware is hard to install on the latest OS X and MacOS versions because the installer is not signed with a developer certificate issued by Apple.

The OSX/Filecoder.E MacOS ransomware generates a single encryption key for all files and then stores the files in encrypted zip archives. Unfortunately, the malicious code has no way to send the encryption key to a C&C server before the key is destroyed, which makes decrypting the files impossible. The experts highlighted that the encryption itself is implemented soundly and cannot be cracked.

"There is one big problem with this ransomware: it doesn't have any code to communicate with any C&C server. This means that there is no way the key that was used to encrypt the files can be sent to the malware operators," continues the analysis. "The random ZIP password is generated with arc4random_uniform which is considered a secure random number generator." "The key is also too long to brute force in a reasonable amount of time."

At the time I was writing, monitoring of the bitcoin wallet address used to receive the victims' payments revealed that no one has paid the ransom. Experts believe that the crooks behind OSX/Filecoder.E are likely interested in scamming the victims rather than managing a botnet.
"This new crypto-ransomware, designed specifically for macOS, is surely not a masterpiece. Unfortunately, it's still effective enough to prevent the victims accessing their own files and could cause serious damage," closed the analysis.
Six weeks after ransomware forced the Colorado Department of Transportation's back-end operations offline, the agency is back to 80 percent functionality — at an estimated cost of up to $1.5 million, according to the state. Colorado officials said they never caved to the attacker's demands to pay bitcoin in order to recover encrypted computer files. But clearing each computer took time and additional resources — including the Colorado National Guard — to investigate, contain and recover.

"We were able to recover from the SamSam attack relatively quickly due to our robust backup plan and our segmentation strategies," Brandi Simmons, a spokesperson for Colorado's Office of Information Technology, said in an email. "We are still capturing costs associated with the incident, but our estimate is between $1M and $1.5M."

What started with a core team of 25 IT employees, Simmons said, ballooned to 150 "during the peak of the incident" — March 2-9. She added that others involved included CDOT, the FBI, state emergency operations and private companies. The million-dollar estimate includes only overtime pay and other unexpected costs. The state's new backup system prevented data loss, but personal data on employees' computers may not be recovered.

The cyberattack started around Feb. 21 when a variant of the SamSam ransomware hijacked CDOT computer files. CDOT shut down more than 2,000 computers. Its employees had to use personal devices to check email. The state did not share the value of bitcoin that the attackers demanded.

Elsewhere, SamSam attacked the city of Atlanta, debilitating computer systems that residents used to pay traffic tickets, report potholes and access Wi-Fi at the airport. The city hasn't issued a public update since March 30, and a city spokesman said Thursday there is nothing new to share. Attackers demanded $51,000 worth of bitcoin.
Asked whether Atlanta has paid the ransom, spokeswoman Anne Torres said: "Unfortunately, we cannot comment further on the ransom."

The rise of ransomware attacks has caused some to wonder whether it's worth paying to avoid business outages — Hancock Health in Indiana paid $55,000 to get its files back. Dan Likarish, a computer professor at Denver's Regis University, said there's still a good reason not to do it.

"If you pay the ransom, you're supporting the criminal," said Likarish, adding there's also no guarantee the attacker will return computer files intact. "The weasel answer? It's a risk mitigation. That's the way we label ourselves. We talk to upper management, present the business case that we've identified the problem, let's just pay. That's what a lot of hospitals have done. It's not unusual to pay for the key and go about your business. It depends on how sophisticated your security staff is. If you don't have it, what do you do? You've got to keep things running."

Likarish said he was able to help with efforts to contain the CDOT attack and was in awe at how the state's IT office swooped in and took command. While IT staff had already updated its own computer operations, not every state agency is on the same system, including CDOT. "People are listening to them now," Likarish said.