
SentinelOne Releases Free ‘EvilQuest’ Ransomware Decryptor to Defend macOS Environments

Decryptor Allows macOS Users to Roll Back Their Files and Avoid Paying Ransoms

MOUNTAIN VIEW, Calif.--(BUSINESS WIRE)--SentinelOne, the autonomous cybersecurity platform company, announced a new ransomware decryptor designed to roll back the ‘EvilQuest/ThiefQuest’ ransomware currently targeting macOS users. The decryptor, developed by SentinelOne’s research division SentinelLabs, is further evidence of SentinelOne’s leadership in securing macOS environments. In an effort to aid the macOS community and help ransomware victims reclaim files without making ransom payments, SentinelOne released the tool on GitHub. SentinelOne blocks EvilQuest ransomware at machine speed across each of its 4,000 customers - as demonstrated here.

“Cybercriminals are eager and adept at capitalizing on any opportunity to infect a user or organization with ransomware, regardless of the party’s operating system of choice,” said Migo Kedem, Senior Director, SentinelLabs. “The challenge for macOS users is that most security vendors neglect macOS, shipping subpar and ineffective products that cannot cope with today's threat landscape. SentinelOne strategically invested in building the market’s leading macOS security solution, and we are happy to provide this tool for any macOS user to mitigate EvilQuest ransomware.”

The EvilQuest ransomware exhibits multiple behaviors, including file encryption, data exfiltration, and keylogging. However, SentinelLabs research suggests that EvilQuest's encryption is not related to public key encryption and in fact often uses a table normally associated with the RC2 block cipher. Knowing this, the SentinelLabs team was able to break the EvilQuest encryption routine, unlocking files and disrupting the attack chain. Further technical detail on EvilQuest ransomware is available on the SentinelOne blog here.

About SentinelOne

SentinelOne is the only cybersecurity solution encompassing AI-powered prevention, detection, response and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous platform. With SentinelOne, organizations gain full transparency into everything happening across the network at machine speed – to defeat every attack, at every stage of the threat lifecycle. To learn more visit www.sentinelone.com or follow us at @SentinelOne, on LinkedIn or Facebook.

Contacts

Will Clark
fama PR for SentinelOne
P: 617-986-5039
E: S1@famapr.com
