MacRansom is a new ransomware developed by hackers and being offered up as service to anyone. Mac users have enjoyed a long stretch of generally being left alone when it comes to viruses and malware. Now, there has been an uptick in the instances of bugs and hacks for macOS and MacRansom is offering their ransomware for free. According to NetMarketShare, 91% of users are running Windows and only 6% of users are running macOS. So you see why hackers tend to concentrate on Windows, the larger user base has a higher return.
Fortinet reports that they’ve discovered MacRansom as a Ransomware-as-a-service (RaaS) which is a typical thing for Windows exploits but not Mac. The authors of this ransomware for Mac claim to be engineers for companies like Yahoo and Facebook. This seems an attempt to lend authority to their work which could sway some people into using their software.
Fortinet attempted to contact the authors and did receive a response and subsequent emails and finally the software itself. Fortinet has also tested and verified that the ransomware is legit and offers up this conclusion.
It is not every day that we see new ransomware specifically targeting Mac OS platform. Even if it is far inferior from most current ransomware targeting Windows, it doesn’t fail to encrypt victim’s files or prevent access to important files, thereby causing real damage.
Last but not the least, this MacRansom variant is potentially being brewed by copycats as we saw quite a lot of similar code and ideas taken from previous OSX ransomware. Even though it utilizes anti-analysis tricks, which differs from previous OSX ransomware, these are well-known techniques widely deployed by many malware authors. MacRansom is yet another example of the prevalence of the ransomware threat, regardless of the OS platform being run. There are no perfect mitigations against ransomware. However, the impact can be minimized by doing regular backups of important files and being cautious when opening files from unidentified sources or developers.
Mac users beware, macOS is being targeted more heavily and as Fortinet says, regularly backing up and taking care what files you download or open is key to protecting yourself. Read Fortinet’s full detailed technical report at the link below.
Last Updated on June 14, 2017.