EvilQuest Ransomware Decryptor in Action - SentinelOne

A new macOS ransomware threat uses a custom file encryption routine. The routine appears to be partly based on RC2 rather than public key encryption. SentinelLabs has released a public decryptor for use with “EvilQuest” encrypted files.

To learn more about EvilQuest/ThiefQuest malware, read our blog: https://www.sentinelone.com/blog/evilquest-a-new-macos-malware-rolls-ransomware-spyware-and-data-theft-into-one/

To read how we reversed the ransomware: https://labs.sentinelone.com/breaking-evilquest-reversing-a-custom-macos-ransomware-file-encryption-routine/