Security researchers are examining newly discovered Mac ransomware samples from the notorious gang LockBit, marking the first known example of a prominent ransomware group toying with macOS versions of its malware.
Ransomware is a pervasive threat, but attackers typically don’t bother creating versions of their malware to target Macs. That’s because Apple’s computers, while popular, are much less prevalent than those running Windows, Linux, and other operating systems. Over the years, though, samples of seemingly experimental Mac ransomware have cropped up a couple of times, creating a sense that the risk could escalate at any moment.
Spotted by MalwareHunterTeam, the samples of ransomware encryptors seem to have first cropped up in the malware analysis repository VirusTotal in November and December 2022, but went unnoticed until yesterday. LockBit seems to have created both a version of the encryptor targeting newer Macs running Apple processors and older Macs that ran on Apple’s PowerPC chips.
Researchers say the LockBit Mac ransomware appears to be more of a first foray than anything that’s fully functional and ready to be used. But the tinkering could indicate future plans, especially given that more businesses and institutions have been incorporating Macs, which could make it more appealing for ransomware attackers to invest time and resources so they can target Apple computers.
“It’s unsurprising but concerning that a large and successful ransomware group has now set their sights on macOS,” says longtime Mac security researcher and Objective-See Foundation founder Patrick Wardle. “It would be naive to assume that LockBit won’t improve and iterate on this ransomware, potentially creating a more effective and destructive version.”
Post Disclaimer
The information provided in our posts or blogs are for educational and informative purposes only. We do not guarantee the accuracy, completeness or suitability of the information. We do not provide financial or investment advice. Readers should always seek professional advice before making any financial or investment decisions based on the information provided in our content. We will not be held responsible for any losses, damages or consequences that may arise from relying on the information provided in our content.
