ThiefQuest Mac Ransomware


ThiefQuest is a file-locking ransomware virus which can be used to extort money from its Mac victims. ThiefQuest typically uses sophisticated cryptography to render digital files inaccessible so that the hackers behind the infection can ask for a ransom.

ThiefQuest Mac Ransomware

ThiefQuest message pop up on Mac

Hundreds of web users are losing access to their most valuable files every day due to accidental infection with this new ransomware virus and may fall prey to the money extortion scheme launched by the crooks behind ThiefQuest. Originally named EvilQuest, the malware was later renamed ThiefQuest to avoid confusion, as EvilQuest is the name of a video game.The victims are typically asked to immediately transfer a certain amount of money to a given cryptocurrency account in order to receive a decryption key for the files that the virus has encrypted. If you are on this page, however, we assume that you are not ready to pay a ransom to some anonymous hackers and are more interested in how to remove the infection and restore your files by other means. That’s why, in the next lines, we will provide you with information about the specifics of ThiefQuest and the methods that you can use to deal with it.

The ThiefQuest Ransomware

The ThiefQuest ransomware is a virus threat that seeks to keep its victims’ most valuable data unavailable so it can harass them to pay a ransom. The crooks behind the ThiefQuest ransomware promise that, in exchange for the payment, they will send the victims a unique decryption key for their files.

ThiefQuest Mac Ransomware

ThiefQuest ransom note

Typically, the hackers inform the attacked user about the payment instructions by placing a ransom notification on their screen shortly after the file-encryption is done. If the files that have been encrypted are of not such a great importance to you or you have backups from where you can recover them, however, you have the option to remove the virus and use your computer as before. The manual guide below contains instructions on how to remove ThiefQuest and a professional program that can help you do that without much of hassle. If the virus has been able to detect and encrypt files of significant interest to you, though, you may have to carefully consider all the risks and the alternatives for file recovery in order to deal with the consequences of the attack in the best possible way.

The ThiefQuest on Mac

The ThiefQuest on Mac file encryption is a method used to protect files from being accessed without a decryption key. The ThiefQuest on Mac file encryption is a sophisticated algorithm that can only be reversed with the application of a matching decryption key.  

Yet even though the hackers may tell you that the only way to recover your files is to pay the required ransom, many security professionals advise that you should take time to think about the various alternative approaches to this problem instead of simply transferring the necessary amount and waiting for the crooks to send you a key. In fact, paying the ransom should be your very last resort because there is no way to tell whether the hackers will really provide such a key or not. That’s why our suggestion is to take a look at the removal guide on this page as well as the file recovery options that we have listed there.



Name ThiefQuest
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms Very few and unnoticeable ones before the ransom notification comes up.
Distribution Method From fake ads and fake system requests to spam emails and contagious web pages.
Data Recovery Tool Not Available
Detection Tool

ThiefQuest Mac Ransomware Removal

ThiefQuest Mac Ransomware

The first thing you need to do is to Quit Safari (if it is opened). If you have trouble closing it normally, you may need to Force Quit Safari:

You can choose the Apple menu and click on Force Quit.

Alternatively, you can simultaneously press (the Command key situated next to the space bar), Option (the key right next to it) and Escape (the key located at the upper left corner of your keyboard).

If you have done it right a dialog box titled Force Quit Applications will open up.

In this new dialog window select Safari, then press the Force Quit button, then confirm with Force Quit again.

Close the dialog box/window.

ThiefQuest Mac Ransomware


Start Activity Monitor by opening up Finder, then proceed to ThiefQuest Mac Ransomware

Once there, look at all the processes: if you believe any of them are hijacking your results, or are part of the problem, highlight the process with your mouse, then click the “i” button at the top. This will open up the following box:

ThiefQuest Mac Ransomware

Now click on Sample at the bottom:

ThiefQuest Mac Ransomware

Do this for all processes you believe are part of the threat, and run any suspicious files in our online virus scanner, then delete the malicious files:

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
ThiefQuest Mac Ransomware
Drag and Drop File Here To Scan
ThiefQuest Mac Ransomware
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    ThiefQuest Mac Ransomware

    The next step is to safely launch Safari again. Press and hold the Shift key while relaunching Safari. This will prevent Safari’s previously opened pages from loading again. Once Safari is opened up, you can release the Shift key.

    On the off chance that you are still having trouble with scripts interrupting the closing of unwanted pages in Safari, you may need to take some additional measures.

    First, Force Quit Safari again.

    Now if you are using a Wi-Fi connection turn it off by selecting Wi-Fi off in you Mac’s Menu. If you are using a cable internet (Ethernet connection), disconnect the Ethernet cable.

    ThiefQuest Mac Ransomware

    Re-Launch Safari but don’t forget to press and hold the Shift button while doing it, so no previous pages can be opened up. Now, Click on Preferences in the Safari menu,

    ThiefQuest Mac Ransomware

    and then again on the Extensions tab,

    ThiefQuest Mac Ransomware

    Select and Uninstall any extensions that you don’t recognize by clicking on the Uninstall button. If you are not sure and don’t want to take any risks you can safely uninstall all extensions, none are required for normal system operation.
    ThiefQuest Mac Ransomware

    The threat has likely infected all of your browsers. The instructions below need to be applied for all browsers you are using.

    Again select Preferences in the Safari Menu, but this time click on the Privacy tab,
    ThiefQuest Mac Ransomware

    Now click on Remove All Website Data, confirm with Remove Now. Keep in mind that after you do this all stored website data will be deleted. You will need to sign-in again for all websites that require any form of authentication.

    Still in the Preferences menu, hit the General tab

    ThiefQuest Mac Ransomware

    Check if your Homepage is the one you have selected, if not change it to whatever you prefer.
    ThiefQuest Mac Ransomware

    Select the History menu this time, and click on Clear History. This way you will prevent accidentally opening a problematic web page again.

    ThiefQuest Mac Ransomware How to Remove ThiefQuest From Firefox in OSX:

    Open Firefox, click on ThiefQuest Mac Ransomware (top right) ——-> Add-ons. Hit Extensions next.

    ThiefQuest Mac Ransomware

    The problem should be lurking somewhere around here – Remove it. Then Refresh Your Firefox Settings.

    ThiefQuest Mac RansomwareHow to Remove ThiefQuest From Chrome in OSX:

    Start Chrome, click ThiefQuest Mac Ransomware —–>More Tools —–> Extensions. There, find the malware and select ThiefQuest Mac Ransomware.

    ThiefQuest Mac Ransomware

    Click ThiefQuest Mac Ransomware again, and proceed to Settings —> Search, the fourth tab, select Manage Search Engines. Delete everything but the search engines you normally use. After that Reset Your Chrome Settings.

    If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


    About the author


    Lidia Howler

    Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

    Leave a Comment