It’s Happened – Ransomware Now Affects Mac Computers

Despite what you may think, Apple’s exclusive OS X operating system is not naturally safe from new mac ransomware threats. A new ransomware variant is now targeting Apple’s Mac computers, and although it is crude, it is certainly effective. What’s inside the guts of this new extortion malware—and why has it taken so long for the ransomware tidal wave to swamp Apple?

Security through obscurity?

There is no truth to the idea that Apple’s computers are somehow harder to hack—either through viruses, exploits, or social engineering—than their Windows or Linux counterparts. The reason for their relative security is simple. Apple computers represent only 7.4% of the global market share, and 13% of the market share in the US. With fewer computers on the market, it’s simply not been worth it for hackers to write specialized malware.

mac ransomware sucks

Even this small ransomware protection has been steadily declining, however. The latest ransomware attack is only the most visible manifestation of a growing problem for Apple software. A report from Kaspersky Labs shows that while the first OS X malware showed up as late as 2003, the total number of OS X malware grew 3,600% from 2010 to 2014. In fact, this latest ransomware outbreak isn’t even the first to affect OS X systems, with a program known as KeRanger emerging in March 2016.

Given that Mac OS X computers are definitely vulnerable to ransomware, how does the latest emerging ransomware variant take advantage of these capabilities? More importantly, how can users defend themselves from this emerging threat?

Crude, slightly broken, and definitely dangerous

This new ransomware variant, the creatively-named MacRansom, is definitely not up to the standard of the finely-crafted malware, such as Cryptolocker, that’s been giving Windows users so many headaches. It only encrypts 128 files at a time, and it’s so poorly coded that it mangles the files it encrypts. Unfortunately there’s still a way that they can get a hold of your enterprise backups albeit slowly.

Therefore, even if victims pay up the $700 ransom, they’ll never be able to fully restore that data.

There are some technically-sophisticated aspects to this virus, but nothing stunning. It copies features that were used in previous versions of Apple ransomware, such as KeRanger, and incorporates techniques to hide itself from antivirus. These are all features that have been seen before on malware targeted at Windows machines.

The real danger posed by MacRansom isn’t in its technical wizardry, but rather in its availability. MacRansom is part of a growing category of ransomware known as Ransomware-as-a-Service (RaaS). MacRansom isn’t the sole intellectual property of a single group of criminals—it’s for sale.

What does the rise of RaaS mean for OS X users? (And everyone else)

Hackers no longer need specialized computing knowledge to code a ransomware program that’s specific to Apple computers. Rather, all they need is an internet connection and the address of the right TOR gateway. Wannabe attackers don’t even need to pay up front—the malware is hard coded to divert a percentage of any paid ransom into the coffers of the original authors.

MacRansom is part of a disturbing trend, where increasingly powerful malware is being delivered into the hands of people who have zero technical skills. This lessened barrier to entry will certainly mean more attacks against both Mac and Windows computers, and the slipshod nature of these RaaS viruses means that fewer people will be able to recover their data.

For information on how to back up your data with a service that can automatically detect and mitigate ransomware, contact Unitrends today for a free demo.


Discover how Unitrends can help protect your organization's sensitive data