{"id":630961,"date":"2023-04-18T17:00:00","date_gmt":"2023-04-18T22:00:00","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/04\/18\/ransomware-intended-for-macs-is-cause-for-concern-not-panic\/"},"modified":"2023-04-18T17:00:00","modified_gmt":"2023-04-18T22:00:00","slug":"ransomware-intended-for-macs-is-cause-for-concern-not-panic","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/04\/18\/ransomware-intended-for-macs-is-cause-for-concern-not-panic\/","title":{"rendered":"Ransomware intended for Macs is cause for concern, not panic"},"content":{"rendered":"<div>\n<p>For the first time, a prominent ransomware group appears to be actively targeting macOS computers.<a target=\"_blank\" href=\"https:\/\/twitter.com\/malwrhunterteam\/status\/1647384505550876675\" rel=\"noopener\"> Discovered last weekend by MalwareHunterTeam<\/a>, the code sample suggests that the Russia-based LockBit gang is working on a version of its malware that would encrypt files on Mac devices.<\/p>\n<p>Small businesses, large enterprises, and<a target=\"_self\" href=\"https:\/\/www.popsci.com\/technology\/us-government-agencies-hacking-history\/\" rel=\"noopener\"> government institutions are frequently the target<\/a> of ransomware attacks. Hackers often use phishing emails to send real-seeming messages to try to trick staff into downloading the ransomware payload. 
Once it\u2019s in, the malware spreads across the organization\u2019s computer systems, automatically encrypting user files and preventing the organization from operating until a ransom is paid\u2014usually in cryptocurrencies like Bitcoin.\u00a0<\/p>\n<p>Over the past few years, ransomware attacks have disrupted<a target=\"_self\" href=\"https:\/\/www.popsci.com\/technology\/ransomware-attack-colonial-pipeline-shut-down\/\" rel=\"noopener\"> fuel pipelines<\/a>,<a target=\"_blank\" href=\"https:\/\/www.nbcnews.com\/tech\/security\/hackers-are-leaking-childrens-data-s-little-parents-can-rcna1926\" rel=\"noopener\"> schools<\/a>,<a target=\"_blank\" href=\"https:\/\/www.theguardian.com\/technology\/2022\/aug\/11\/nhs-ransomware-attack-what-happened-and-how-bad-is-it\" rel=\"noopener\"> hospitals<\/a>,<a target=\"_blank\" href=\"https:\/\/techcrunch.com\/2023\/01\/06\/rackspace-ransomware-data-exchange\/\" rel=\"noopener\"> cloud providers<\/a>, and<a target=\"_blank\" href=\"https:\/\/securityboulevard.com\/2023\/03\/8-of-the-biggest-ransomware-attacks-in-recent-history-a-look-back\/\" rel=\"noopener\"> countless other businesses<\/a>.<a target=\"_blank\" href=\"https:\/\/www.wired.com\/story\/lockbit-ransomware-attacks\/\" rel=\"noopener\"> LockBit has been responsible for hundreds of these attacks<\/a>, and in the past six months has brought down the<a target=\"_blank\" href=\"https:\/\/www.wired.com\/story\/royal-mail-ransomware-attack-security-roundup\/\" rel=\"noopener\"> UK\u2019s Royal Mail international shipping service<\/a> and<a target=\"_blank\" href=\"https:\/\/www.sickkids.ca\/en\/news\/archive\/2022\/update-on-sickkids-response-to-cybersecurity-incident\/\" rel=\"noopener\"> disrupted operations in a Canadian children\u2019s hospital<\/a> over the Christmas period.<\/p>\n<p><a target=\"_blank\" href=\"https:\/\/www.wired.com\/story\/apple-mac-lockbit-ransomware-samples\/\" rel=\"noopener\">Up until now<\/a>, these ransomware attacks mostly targeted Windows, Linux, and 
other enterprise operating systems. While Apple computers are popular with consumers, they aren\u2019t as commonly used in the kind of businesses and other deep-pocketed organizations that ransomware gangs typically go after.\u00a0<\/p>\n<p>MalwareHunterTeam, an independent group of security researchers, only discovered the Mac encryptors recently, but they have apparently been<a target=\"_blank\" href=\"https:\/\/www.virustotal.com\/gui\/file\/bf3ebc294870a6e743f021f4e18be75810149a1004b8d7c8a1e91f35562db3f5\" rel=\"noopener\"> present on malware-tracking site VirusTotal<\/a> since November last year. One encryptor targets Apple Macs with the newer M1 chips, while another targets those with PowerPC CPUs, which were<a target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Power_Macintosh#The_Power_Mac_G5_and_the_end_of_Power_(2003%E2%80%932006)\" rel=\"noopener\"> all developed before 2006<\/a>. Presumably, there is a third encryptor somewhere that targets Intel-based Macs, although it doesn\u2019t appear to be in the VirusTotal repository.\u00a0<\/p>\n<p>Fortunately, when<a target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/lockbit-ransomware-encryptors-found-targeting-mac-devices\/\" rel=\"noopener\"> BleepingComputer assessed the Apple M1 encryptor<\/a>, it found a fairly half-baked bit of malware. There were lots of code fragments that they said \u201care out of place in a macOS encryptor.\u201d It concluded that the encryptor was \u201clikely haphazardly thrown together in a test.\u201d<\/p>\n<p><a target=\"_blank\" href=\"https:\/\/objective-see.org\/blog\/blog_0x75.html\" rel=\"noopener\">In a deep dive into the M1 encryptor<\/a>, security researcher Patrick Wardle discovered much the same thing. He found that the code was incomplete, buggy, and missing the features necessary to actually encrypt files on a Mac. In fact, since it wasn\u2019t signed with an Apple Developer ID, it wouldn\u2019t even run in its present state. 
According to Wardle, \u201cthe average macOS user is unlikely to be impacted by this LockBit macOS sample\u201d but that a \u201clarge ransomware gang has apparently set its sights on macOS, should give us pause for concern and also catalyze conversions about detecting and preventing this (and future) samples in the first place!\u201d<\/p>\n<p>Apple has also preemptively implemented a number of security features that mitigate the risks from ransomware attacks. According to Wardle, operating system-level files are protected by both<a target=\"_blank\" href=\"https:\/\/developer.apple.com\/documentation\/security\/disabling_and_enabling_system_integrity_protection\" rel=\"noopener\"> System Integrity Protection<\/a> and read-only system volumes. This makes it hard for ransomware to do much to disrupt how macOS works even if it does end up on your computer. Similarly, Apple protects directories such as the Desktop, Documents, and other folders, so the ransomware wouldn\u2019t be able to encrypt them without user approval or an exploit. 
This doesn\u2019t mean it\u2019s impossible that ransomware could work on a Mac, but it certainly won\u2019t be easy on those that are kept up-to-date with the latest security features.\u00a0<\/p>\n<p>Still, the fact that a large hacking group is seemingly targeting Macs is a big deal\u2014and it\u2019s a reminder that whatever<a target=\"_self\" href=\"https:\/\/www.popsci.com\/technology\/apple-lockdown-mode\/\" rel=\"noopener\"> reputation Apple has for developing more secure devices<\/a> is constantly being put to the test.\u00a0When BleepingComputer <a target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/lockbit-ransomware-encryptors-found-targeting-mac-devices\/\" rel=\"noopener\">contacted<\/a> LockBitSupp, the public face of LockBit, the group confirmed that a Mac encryptor is \u201cactively being developed.\u201d While the ransomware won\u2019t do much in its present state, you should always keep your Mac up-to-date\u2014and be careful with any suspicious files you download from the internet.<\/p>\n<\/p><\/div>\n<p><a href=\"https:\/\/www.popsci.com\/technology\/ransomware-for-macs\/\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Harry Guinness<\/p>\n","protected":false},"excerpt":{"rendered":"<p>For the first time, a prominent ransomware group appears to be actively targeting macOS computers. Discovered last weekend by MalwareHunterTeam, the code sample suggests that the Russia-based LockBit gang is working on a version of its malware that would encrypt files on Mac devices. 
Small businesses, large enterprises, and government institutions are frequently the target [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":630962,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[534,121723,31358],"tags":[],"class_list":{"0":"post-630961","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-financial","8":"category-intended","9":"category-ransomware"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/630961","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=630961"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/630961\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/630962"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=630961"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=630961"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=630961"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}