The “LockBit” ransomware gang are said to be developing encoding programs specifically targeting Macs. This would make LockBit the first ransomware group to be particularly focused on macOS.
An archive with different LockBit ransomware versions recently appearing on Virustotal included one release particularly for macOS. Having undertaken a first analysis of this malware, there are growing signs that this is a test version. Due to the lack of certain certificates, macOS prevents the malware software from running. Some programming errors also mean LockBit is unable to unleash its full destructive power under macOS.
The danger to Apple devices is currently considered slight. LockBit simply hasn’t implemented all the functions necessary to guarantee effective encryption yet.
Still, Mac users shouldn’t feel all too secure either. The cyber-criminals’ official mouthpiece also confirmed that LockBit for macOS is currently under active development. LockBit is considered the “market leader” amongst ransomware groups.
How can Mac users best protect themselves? Generally speaking, we recommend following our “5 steps for your digital security” which can be found here. One special feature of macOS is that its firewall is not activated by default, but has to be switched on under system settings/network/firewall first.
