
EvilQuest Ransomware Decryptor for Apple macOS: SentinelOne Delivers

SentinelOne, an endpoint security provider that collaborates with MSPs and MSSPs, has released a ransomware decryptor designed to protect against EvilQuest (ThiefQuest) attacks in macOS environments. The company also blocks EvilQuest attacks at machine speed across its 4,000 customers.

macOS users can leverage the decryptor to roll back their files after an EvilQuest attack, according to SentinelOne. In addition, the decryptor enables these users to avoid paying EvilQuest cyberattack ransoms.

The SentinelOne EvilQuest decryptor is now available free of charge via GitHub.

What Is EvilQuest?

EvilQuest was discovered in June 2020 by security researchers at Malwarebytes Labs. Since that time, macOS researcher Patrick Wardle has released additional details about EvilQuest and discovered several variants of the ransomware.

EvilQuest uses file encryption, data exfiltration, keylogging and other behaviors to infiltrate macOS environments, according to SentinelOne. It often leverages a table normally associated with the RC2 block cipher to encrypt and lock macOS user data and files.

Furthermore, EvilQuest may have viral capabilities, Wardle noted. It also may attempt to infect existing executables in a macOS user's home folder.

How to Combat Ransomware Attacks

The SentinelOne decryptor enables macOS users to retrieve data and files that were previously encrypted and locked during an EvilQuest attack. Meanwhile, macOS users can take various security measures to guard against EvilQuest and other ransomware attacks, such as:

  • Leverage anti-malware and antivirus software and update it regularly.
  • Use email content scanning and filters.
  • Educate employees about ransomware attacks.


Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.