What to know about the threat of ransomware for Macs

For the first time, a prominent ransomware group appears to be actively targeting macOS computers. Discovered last weekend by MalwareHunterTeam, the code sample suggests that the Russia-based LockBit gang is working on a version of its malware that would encrypt files on Mac devices.

Small businesses, large enterprises, and government institutions are frequently the target of ransomware attacks. Hackers often use phishing emails to send real-seeming messages to try to trick staff into downloading the ransomware payload. Once it’s in, the malware spreads around any computer systems, automatically encrypting user files and preventing the organization from operating until a ransom is paid—usually in crypto currencies like Bitcoin. 

Over the past few years, ransomware attacks have disrupted fuel pipelines, schools, hospitals, cloud providers, and countless other businesses. LockBit has been responsible for hundreds of these attacks, and in the past six months has brought down the UK’s Royal Mail international shipping service and disrupted operations in a Canadian children’s hospital over the Christmas period.

Up until now, these ransomware attacks mostly targeted Windows, Linux, and other enterprise operating systems. While Apple computers are popular with consumers, they aren’t as commonly used in the kind of businesses and other deep-pocketed organizations that ransomware gangs typically go after. 

MalwareHunterTeam, an independent group of security researchers, only discovered the Mac encryptors recently, but they have apparently been present on malware-tracking site VirusTotal since November last year. One encryptor targets Apple Macs with the newer M1 chips, while another targets those with Power PC CPUs, which were all developed before 2006. Presumably, there is a third encryptor somewhere that targets Intel-based Macs, although it doesn’t appear to be in the VirusTotal repository. 

Fortunately, when BleepingComputer assessed the Apple M1 encryptor, it found a fairly half-baked bit of malware. There were lots of code fragments that they said “are out of place in a macOS encryptor.” It concluded that the encryptor was “likely…