Sometimes a person is fortunate to be using macOS, and for other reasons than usual. After a session of Karma, having my main Time Machine die only a week after I was bragging that I haven't lost a hard drive in a decade, I zoomed into Walmart, avoiding all the Typhoid Marys and their male counterparts with no masks, and bought a Seagate 2TB drive. ($59)
I didn't think about it at the time, but it wasn't plastic-welded in the usual carton that requires more time to breach than to format the drive - it just easily opened. And I didn't remember cutting the seal on the cardboard package. When I opened Disk Utility, it looked weird. Formatted as exFAT naturally, but with several unknown partitions at the end. There were nine files in the first partition, and obviously for Windows as a couple were .exe. I assumed that this was the usual utilities for backup and such, but for some reason, the drive absolutely would not format, and further, it was reporting itself as only 500 GB, although the drive itself had the 2 TB stamp. It had to be bad hardware.
My Winders experience ended with XP long ago, but my nephew is a tech at the local school district and has a mix of both Apple and PCs. He quickly determined that the drive had been loaded with the Zigsaw Ransomware loader. ????
So. Apparently someone bought the drive, loaded it, then returned it to the store, where naturally it was put back on the shelf as new. This is an infection path that I never thought of, but to me it seems somewhat inefficient, as Walmart would certainly begin to notice many drives being purchased, then immediately returned. I assume it was some local yahoo doing it for kicks, or maybe he/she actually set it to work for them.
So, even with a Mac, the close inspection of all new hardware packaging is advised.