
SentinelOne Releases EvilQuest Ransomware Decryptor

SentinelOne has announced a new ransomware decryptor designed to roll back the ‘EvilQuest/ThiefQuest’ ransomware currently targeting macOS users. The decryptor, developed by SentinelOne’s research division SentinelLabs, is further evidence of SentinelOne’s leadership in securing macOS environments. In an effort to aid the macOS community and help ransomware victims reclaim files without making ransom payments, SentinelOne released the tool on GitHub.

“Cybercriminals are eager and adept at capitalizing on any opportunity to infect a user or organization with ransomware, regardless of the party’s operating system of choice,” said Migo Kedem, Senior Director, SentinelLabs. “The challenge for macOS users is that most security vendors neglect macOS, shipping subpar and ineffective products that cannot cope with today’s threat landscape. SentinelOne strategically invested in building the market’s leading macOS security solution, and we are happy to provide this tool for any macOS user to mitigate EvilQuest ransomware.”

The EvilQuest ransomware exhibits multiple behaviors, including file encryption, data exfiltration, and keylogging. However, SentinelLabs research suggests that EvilQuest's encryption is not related to public key encryption and in fact often uses a table normally associated with the block cipher RC2. Knowing this, the SentinelLabs team was able to break the EvilQuest encryption routine, unlocking files and disrupting the attack chain.


Chris Fernando

Chris N. Fernando is an experienced media professional with over two decades of journalistic experience. He is the Editor of Arabian Reseller magazine, the authoritative guide to the regional IT industry. Follow him on Twitter (@chris508) and Instagram (@chris2508).
