RansomWhere?

MightyGem · Jun 7, 2016

Just recently, when I restart my MBP, which is not very often, I get two popups. One asking if I want to update my version of RansomeWhere?, and another saying that RansomeWhere? wants to make some changes and asking for my password.

I haven't installed RansomeWhere? and a search with Spotlight and Find Any File shows nothing.

Has anyone else had this?

ferrarr · Jun 7, 2016

I'm using OS 10.11.5 and it's not happening here. What OS X are you running? Have you tried to run Malwarebytes?

MacInWin · Jun 7, 2016

Ransomwhere? seems to be a utility from Objective-see.com:

https://objective-see.com/products/ransomwhere.html

Don't know if that's a good thing or not, to be honest. Are you certain you've not tired it before?

harryb2448 · Jun 7, 2016

If you did not install it, get red of it.

pm-r · Jun 7, 2016

Man, I'd sure get all traces of such traces removed from my Mac so fast it would make your head spin.

Especially considering the "developer" even has the lack of any principles to release malware samples downloads to anyone… gads!!!
"OS X Malware Samples"
https://objective-see.com/malware.html

Just the thing everyone wants to receive, some malware sample some nut/"friend" downloaded — I think NOT!!!

- Patrick
======

pm-r · Jun 7, 2016

Some interesting bits of info about RansomeWhere? and the developer, for those possibly interested:

http://www.macnn.com/articles/16/04...esearcher.to.protect.os.x.proactively.133732/

I'll just let Mikey try it thanks… but at least I see it's had an update since it was first launched not even a month ago.

- Patrick
======

MacInWin · Jun 7, 2016

I remember now when there was a dustup in the Interwebz about the KeRanger ransomware. This guy offered his "finder" for that kind of malware then, and apparently has updated it to plug some of the holes in his finder. Don't think it's malicious in itself, but I think Apple has plugged the KeRanger-like holes with SIP. Of course, if you disable SIP...

Rod · Jun 7, 2016

It is another thing running in the background, a utility I know, but non the less using resources i wonder that everybody doesn't just use a VPN and Ghostery. You can set your VPN to your real location and still get all of the benefits of anonymity and encryption. I run mine full time now so that I appear to be in my country of origin, thus giving me access to content I would be unable to access from Indonesia but you don't have to do that. The same app runs on my iPhone. I can use my phone for online banking now and I have not had a malware or hacking issue on OSX for years.

MightyGem · Jun 8, 2016

Have you tried to run Malwarebytes?

I have now, thanks. It found a process which I terminated. A restart still produced a popup, but this time I noticed the RansomeWhere? icon in the Dock. Right Click>Options>Show in Finder found it and I deleted it.

Strange that Spotlight and Find Any File couldn't find it though.

pm-r · Jun 8, 2016

I find that amazing that Find Any File couldn't find anything related. Did you use any copy-paste on any of the associated names…???

Sure not unusual for Spotlight (aka: stoplight) to fail, but sure not Find Any File. $:\$

MightyGem · Jun 8, 2016

Did you use any copy-paste on any of the associated names…???

No, just the name, RansomeWhere? It found Safari history pages but not the app.

pm-r · Jun 8, 2016

MightyGem said:
No, just the name, RansomeWhere? It found Safari history pages but not the app.

If you want to make sure you got rid of all bits and pieces, do a search with FAF for anything containing any of the following:
com.objectiveSee.
RansomWhere (no ? in name)
objectiveSee

and there may be some other files and stuff along where such files are located.

PS: Double check the locations and dates to confirm you've got the correct stuff before Trashing.

Rod · Jun 8, 2016

Most associated files are lower case titles so just "ransom" should work with FAF but yes check dates.

MightyGem · Jun 9, 2016

Thanks.

LauraSmithMS · Jun 16, 2016

we can secure our Mac by such nasty ransomware attacks by using a VPN

Rod · Jun 16, 2016

SarahJohnMS, thats very true as stated in my post to this thread on the 06/06 but I added Ghostery to the lineup because it stops trackers and you might want to include AdBlock as well.

LauraSmithMS · Jun 16, 2016

YOU ARE ABSOLUTELY RIGHT Rod Sprague, TRACKERS, SUSPICIOUS LINKS, POP-UPS AND EMAIL SPAMS ARE THE MAIN CULPRITS AND USERS MUST NOT DOWNLOAD OTHER THAN APP STORES Y PPL DUN UNDERSTAND THIS AND JUST CARELESSLY CLICK ANY LINK COMES IN THEIR WAY

RansomWhere?

MightyGem

ferrarr

MacInWin

Guest

harryb2448

pm-r

pm-r

MacInWin

Guest

Rod

MightyGem

pm-r

MightyGem

pm-r

Rod

MightyGem

LauraSmithMS

Rod

LauraSmithMS

Shop Amazon