EvilQuest Ransomware Mac


EvilQuest is a data-locking virus used by cyber criminals to restrict access to the files found on the targeted Mac computer. EvilQuest causes harm by not allowing its victims to open or use their files and by asking a ransom in exchange for restoring access to them.

EvilQuest Ransomware Mac

The EvilQuest ransomware is targeting macOS users

What is typical for infections such as EvilQuest is that they will apply encryption to a list of user files secretly and then, once the files are rendered inaccessible, they will display a ransom notification on the infected Mac computer’s screen. Due to the ransom payment they require in order to decrypt the encrypted files, such threats are known as ransomware cryptoviruses. These threats aren’t new to the cyber world but, sadly, there is still no 100% effective method of dealing with them. On this page, however, we will do our best to provide you with instructions on how to detect and remove EvilQuest and how to possibly recover some of your files without paying a ransom.

The biggest challenge when dealing with ransomware threats comes from the fact that they cannot be easily detected and stopped in time. Cryptoviruses like EvilQuest usually do not show any apparent symptoms that users can detect and the worst thing is that most antivirus programs are also useless when it comes to detecting and stopping the file-encryption process that the malware runs in the background of the system. This is because the encryption of data is normally a file protection method, not a malicious process, and it does no harm or corruption to the files it is applied to. Therefore, most security programs either do not recognize this process as unsafe and do nothing to warn users about it. In this way, the ransomware can have the advantage of surprise and can set completely shock its victims when it displays a ransom note on their screen.

The EvilQuest Ransomware

The EvilQuest ransomware is a malicious piece of software used for extortion. The people behind the EvilQuest ransomware demand a ransom from the victims in order to provide them with a decryption key for the files that the malware has encrypted.

EvilQuest Ransomware Mac

Pirated popular apps infected with EvilQuest ransomware

EvilQuest can encrypt large portions of user data including digital documents, databases, archives, personal collections of images, videos and audios and more. Unfortunately, there is no certainty that the encrypted files will be accessible again even after the EvilQuest virus has been removed from the system. This is a huge challenge awaiting the victims of the ransomware.

However, there are some methods that potentially may allow them to restore their data to some degree if they successfully remove the virus. If you are interested in those methods, you can read more about them in the file recovery section of the removal guide below. Of course, if you have personal backups of your data, now is the time to use them. Just make sure that you really remove EvilQuest before you connect your backup sources otherwise the ransomware may encrypt them before you even manage to access your copies.

EvilQuest on Mac

The EvilQuest on Mac file decryption is a way to retrieve the files encrypted by EvilQuest with a special decryption key. The key for activation of the the EvilQuest on Mac file decryption process, however, is kept by hackers who demand a ransom for it.

Sending money to anonymous cybercrooks, however, is never a good idea not only because you cannot trust them to fulfill their promises but also because, in this way, you are only sponsoring their extortion scheme. Therefore, our “How to remove” team will NOT encourage you to fulfill the hackers’ demands and will point your attention to the free alternatives listed in the removal guide below.



Name EvilQuest
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms Very few and unnoticeable ones before the ransom notification comes up.
Distribution Method From fake ads and fake system requests to spam emails and contagious web pages.
Data Recovery Tool Not Available
Detection Tool

Remove EvilQuest Ransomware from Mac

EvilQuest Ransomware Mac

The first thing you need to do is to Quit Safari (if it is opened). If you have trouble closing it normally, you may need to Force Quit Safari:

You can choose the Apple menu and click on Force Quit.

Alternatively, you can simultaneously press (the Command key situated next to the space bar), Option (the key right next to it) and Escape (the key located at the upper left corner of your keyboard).

If you have done it right a dialog box titled Force Quit Applications will open up.

In this new dialog window select Safari, then press the Force Quit button, then confirm with Force Quit again.

Close the dialog box/window.

EvilQuest Ransomware Mac


Start Activity Monitor by opening up Finder, then proceed to EvilQuest Ransomware Mac

Once there, look at all the processes: if you believe any of them are hijacking your results, or are part of the problem, highlight the process with your mouse, then click the “i” button at the top. This will open up the following box:

EvilQuest Ransomware Mac

Now click on Sample at the bottom:

EvilQuest Ransomware Mac

Do this for all processes you believe are part of the threat, and run any suspicious files in our online virus scanner, then delete the malicious files:

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
EvilQuest Ransomware Mac
Drag and Drop File Here To Scan
EvilQuest Ransomware Mac
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    EvilQuest Ransomware Mac

    The next step is to safely launch Safari again. Press and hold the Shift key while relaunching Safari. This will prevent Safari’s previously opened pages from loading again. Once Safari is opened up, you can release the Shift key.

    On the off chance that you are still having trouble with scripts interrupting the closing of unwanted pages in Safari, you may need to take some additional measures.

    First, Force Quit Safari again.

    Now if you are using a Wi-Fi connection turn it off by selecting Wi-Fi off in you Mac’s Menu. If you are using a cable internet (Ethernet connection), disconnect the Ethernet cable.

    EvilQuest Ransomware Mac

    Re-Launch Safari but don’t forget to press and hold the Shift button while doing it, so no previous pages can be opened up. Now, Click on Preferences in the Safari menu,

    EvilQuest Ransomware Mac

    and then again on the Extensions tab,

    EvilQuest Ransomware Mac

    Select and Uninstall any extensions that you don’t recognize by clicking on the Uninstall button. If you are not sure and don’t want to take any risks you can safely uninstall all extensions, none are required for normal system operation.
    EvilQuest Ransomware Mac

    The threat has likely infected all of your browsers. The instructions below need to be applied for all browsers you are using.

    Again select Preferences in the Safari Menu, but this time click on the Privacy tab,
    EvilQuest Ransomware Mac

    Now click on Remove All Website Data, confirm with Remove Now. Keep in mind that after you do this all stored website data will be deleted. You will need to sign-in again for all websites that require any form of authentication.

    Still in the Preferences menu, hit the General tab

    EvilQuest Ransomware Mac

    Check if your Homepage is the one you have selected, if not change it to whatever you prefer.
    EvilQuest Ransomware Mac

    Select the History menu this time, and click on Clear History. This way you will prevent accidentally opening a problematic web page again.

    EvilQuest Ransomware Mac How to Remove EvilQuest From Firefox in OSX:

    Open Firefox, click on EvilQuest Ransomware Mac (top right) ——-> Add-ons. Hit Extensions next.

    EvilQuest Ransomware Mac

    The problem should be lurking somewhere around here – Remove it. Then Refresh Your Firefox Settings.

    EvilQuest Ransomware MacHow to Remove EvilQuest From Chrome in OSX:

    Start Chrome, click EvilQuest Ransomware Mac —–>More Tools —–> Extensions. There, find the malware and select EvilQuest Ransomware Mac.

    EvilQuest Ransomware Mac

    Click EvilQuest Ransomware Mac again, and proceed to Settings —> Search, the fourth tab, select Manage Search Engines. Delete everything but the search engines you normally use. After that Reset Your Chrome Settings.

    If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


    About the author


    Lidia Howler

    Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

    Leave a Comment