Does Mac Ransomware Exist?

Ransomware typically targets Windows PCs, but don’t think your Mac is immune – more and more Mac ransomware is appearing.

Arguably the biggest cyber security threat at the moment, ransomware is malicious software that blocks access to files or folders on a computer or network by encrypting them, then offers a decryption tool in exchange for money or cryptocurrency. Malware such as ransomware is just software, but with harmful intent. Since Macs run macOS, Windows malware won’t affect them, and for many years it was believed that Macs were immune to malware and viruses. However, this is not the case – Macs can and do become infected. While less prevalent than Windows ransomware, Mac ransomware is out there, and you should follow the same precautions as everyone else.

Apple provide a solid built-in layer of protection against ransomware and other forms of Mac malware. Adopting a three-pronged approach with XProtect, Gatekeeper and Notarization, Apple are pretty effective at intercepting and eliminating most cyber threats; however, some can and do sneak through their defences.

In 2015, two proof-of-concept ransomware programs, Gopher and Mabouia, were created to show how easily ransomware could be created and spread on Macs. The following year saw the KeRanger ransomware spread. Hidden within an installer for BitTorrent client Transmission, KeRanger infects all files and places a .txt ransom note in each folder, demanding 1 Bitcoin. Because KeRanger used Apple’s security signature, it was recognised as legitimate, and was able to spread to nearly 7000 Macs. Apple soon revoked its security certificate. The Patcher ransomware, first identified in 2017, poses as a cracking tool for Adobe Premiere Pro and Microsoft Office for Mac, and encrypts all files on an infected system. 0.25 Bitcoin is then demanded in exchange for the decryption key, which is not provided.

While Apple has strengthened its protections in recent years, given the above examples, it would benefit Mac users to take additional defensive measures to protect themselves against ransomware and other forms of malware. There are a few steps Mac users can take. You should only use reputable software, and not be tempted by free versions of commercial software like Microsoft Office that are available on torrent websites. Official versions are authenticated by Apple; bootleg versions are not. You should also keep your operating system up to date, to ensure that your Mac is protected against any identified vulnerabilities. It is also worth looking at installing a third-party antivirus to add an extra layer of protection.

If you do become the unfortunate victim of Mac ransomware, it is important not to pay the ransom; as victims of the Patcher ransomware found out, paying up doesn’t necessarily mean you’ll be given the decryption tool. Additionally, law enforcement agencies worldwide advise against paying ransoms, as this gives the green light to cybercriminals that their venture is profitable. Performing regular backups of your Mac will allow you to restore your backup in the event of an infection.
