Patcher Ransomware Removal Guide

Do you know what Patcher Ransomware is?

Patcher Ransomware is a new computer infection targeting users’ personal files. It was discovered some time ago, and it seems to have already affected a number of computers and encrypted hundreds of users’ files, because specialists keep getting complaints from users who find it impossible to access any of their files. If you suspect that you have become a victim of Patcher Ransomware too, remove this malicious application as soon as possible. That should not be hard to do with our help, but, unfortunately, it might be impossible to get back the files this threat has encrypted. Ransomware infections are, undoubtedly, developed by cyber criminals to extort money from people. Users are usually told that they can unlock their files after transferring a certain amount of money to the crooks. In this case, paying might not help users decrypt their files either, because Patcher Ransomware does not send the generated private key to its online server. This suggests that the cyber criminals could not unlock the files for you, even though the ransom note left on the system after the encryption claims that “there is no other way to get your files, except make a payment.”

It should be noted that Patcher Ransomware is a Mac OS ransomware, so Windows users should be safe for now. Researchers have found that this infection uses a sophisticated method to enter systems. It is spread through torrent files that are supposed to download cracks for certain Mac applications, but users, of course, do not get the crack they need. Instead, they download a .zip archive containing a binary file whose name ends in the Patcher string, for example, Office 2016 Patcher. Users launch the ransomware by opening this file. It immediately opens a window with the Start button in the middle. Clicking this button starts the encryption of users’ files (e.g. pictures, documents, music, etc.) in the /Users and /Volumes directories. That is not the only activity it performs, specialists say. Our malware analysts who carried out the research have also noticed that this malicious application tries to delete the free space of the root partition on the hard drive. Luckily, it is coded extremely poorly and does not succeed in doing that.

After the successful infiltration and encryption of data stored on the affected computer, it drops README!.txt in all directories. This file is a ransom note which informs users that files having the .crypt filename extension “were protected by a strong encryption method”, and that the only way to unlock them is to send 0.25 Bitcoin (~ $295) to 1EZrvz1kL7SqfemkH3P1VMtomYZbfhznkb (Bitcoin address). Evidently, Patcher Ransomware has also been developed to obtain money from users. Do not be naïve and do not make a payment under any circumstances because, as has already been mentioned, the cyber criminals do not even have the key that can unlock the files, which means that they could not unlock the encrypted data for you even if you sent them money. What you should focus on instead is the removal of Patcher Ransomware.

It seems that Patcher Ransomware does not install itself on the computer, i.e. it works from the place where it was downloaded and launched, e.g. the Downloads folder, so deleting the file that has the word Patcher in its name should be enough to deactivate Patcher Ransomware. If you cannot find this file anywhere, use a malware remover that works on computers with Mac OS. The automatic method is, of course, several times quicker and, undoubtedly, more reliable.

Delete Patcher Ransomware

  1. Locate the file having the Patcher string, for example, Office Patcher on the system.
  2. Delete it.
  3. Restart the computer.
  4. Use an automatic scanner to check if all malicious components are erased.
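
A read-only way to look for the indicators this guide names before deleting anything, as an added example that is not part of the original guide. The function names are illustrative, and a file name containing "Patcher" is only a lead to review, not proof of infection.

```shell
#!/bin/sh
# Read-only triage for the indicators named in this guide. Nothing is deleted.
# Usage (assumed invocation): sh patcher_triage.sh /Users /Volumes

# Files or bundles with "Patcher" in the name (e.g. "Office 2016 Patcher").
# Legitimate software can contain this word too, so review each hit by hand.
find_patcher_files() {
    find "$1" -iname '*patcher*' -print 2>/dev/null
}

# Ransom notes the malware drops into the directories it processed.
find_ransom_notes() {
    find "$1" -type f -name 'README!.txt' -print 2>/dev/null
}

# Files carrying the .crypt extension referred to in the ransom note.
find_crypt_files() {
    find "$1" -type f -name '*.crypt' -print 2>/dev/null
}

# Count the paths printed by a finder function ($1) under a root ($2).
count_hits() {
    "$1" "$2" | wc -l | tr -d ' '
}

# Print one summary line per root; return 0 only when no indicator is found.
triage_summary() {
    root=$1
    p=$(count_hits find_patcher_files "$root")
    n=$(count_hits find_ransom_notes "$root")
    c=$(count_hits find_crypt_files "$root")
    echo "root=$root patcher_named=$p ransom_notes=$n crypt_files=$c"
    [ "$p" -eq 0 ] && [ "$n" -eq 0 ] && [ "$c" -eq 0 ]
}

# Scan every directory given on the command line.
if [ "$#" -ge 1 ]; then
    for dir in "$@"; do
        triage_summary "$dir" || echo "indicators present under $dir"
    done
fi
```

A non-zero ransom_notes or crypt_files count shows how far the encryption reached; the patcher_named hits are the candidates for step 1.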

In non-techie terms:

Patcher Ransomware is disguised as a useful application. More specifically, it is spread as a piece of software that can crack applications for Mac OS. Of course, the truth comes out quickly: it is nothing more than a file-encrypting threat. Once it gets in, important files can no longer be accessed. Of course, it wants money from users, so it tells them that the only way to unlock files is to pay for the decryption key. Users should not give cyber criminals a penny because, as our team of experienced specialists has found, the ransomware does not send the key to its server after the encryption, which means that the crooks do not have it either and cannot unlock users’ files for them.