MacOS in ran­somware groups’ sights

The “LockBit” ran­somware gang are said to be devel­oping encoding pro­grams specif­i­cally tar­geting Macs. This would make LockBit the first ran­somware group to be par­tic­u­larly focused on macOS.

An archive with dif­ferent LockBit ran­somware ver­sions recently appearing on Virus­total included one release par­tic­u­larly for macOS. Having under­taken a first analysis of this mal­ware, there are growing signs that this is a test ver­sion. Due to the lack of cer­tain cer­tifi­cates, macOS pre­vents the mal­ware soft­ware from run­ning. Some pro­gram­ming errors also mean LockBit is unable to unleash its full destruc­tive power under macOS.

The danger to Apple devices is cur­rently con­sid­ered slight. LockBit simply hasn’t imple­mented all the func­tions nec­es­sary to guar­antee effec­tive encryp­tion yet.

Still, Mac users shouldn’t feel all too secure either. The cyber-crim­i­nals’ offi­cial mouth­piece also con­firmed that LockBit for macOS is cur­rently under active devel­op­ment. LockBit is con­sid­ered the “market leader” amongst ran­somware groups.

How can Mac users best pro­tect them­selves? Gen­er­ally speaking, we rec­om­mend fol­lowing our “5 steps for your dig­ital secu­rity” which can be found here. One spe­cial fea­ture of macOS is that its fire­wall is not acti­vated by default, but has to be switched on under system settings/network/fire­wall first.