Ransomware Syndicates May Be Targeting macOS

Mac-based systems have largely been spared the waves of ransomware attacks in the past, but that may be about to change. 

Security researchers recently discovered a few samples of ransomware. This in and of itself isn’t unusual; the last decade has had the cybersecurity and IT industries alike playing a game of whack-a-mole while trying to keep up with new variants.

What was noteworthy about the discoveries, however, was that the ransomware was designed to target macOS devices, including the newer models of Apple processors.

Ransomware, a form of cyberattack where the contents of a device or network’s storage are encrypted and withheld until the victim pays a fee, has meant big business for cybercriminals for years. Their primary targets have been Windows and Linux-based systems. This is partially due to the relatively robust security settings in macOS, but also due to its smaller installation base. Large institutions and organizations are more likely to run their operations on Linux and Windows (especially given the discontinuation of the Mac OS X Server platform), and their resources and data present more appealing targets.

The ransomware samples seem to be very much in their early stages. None were functional or sophisticated enough to present anything more than a nuisance at this point. But, before Mac users collectively breathe a sigh of relief, there’s some bad news. The malicious code has been traced back to the LockBit syndicate, a notorious Russia-based Ransomware-as-a-Service group that has proven capable of developing and deploying complex and multi-faceted malware in the past.

What can you do?

Whether the discovery of macOS ransomware portends a new vector for cybercriminals or fizzles out as a momentary blip in computing history, computer users on all platforms should practice basic data hygiene:

  • Get a backup strategy in place. You should view backing up your data in the same way as brushing your teeth: It doesn’t take much time and the consequences of not doing it are extremely unpleasant. Keep in mind, however, that ransomware programs can target your backups if those backups are connected to your network. In other words, if your backup is a hard drive connected to your computer, that’ll probably get compromised as well. Be sure that your strategy includes encryption and/or immutable snapshots (which can only be used to restore your data, and are thus extremely difficult to tamper with).

  • Use unique and difficult-to-guess passwords. If you’ve been using your pet’s name across all of your accounts, there’s a very low barrier to entry for all kinds of cybercrime, ransomware included.

  • Think before you click. Ransomware and malware are often spread through malicious email attachments and links online. Check for misspellings, double-check domain names and sender email addresses and use extra caution with any email marked as “URGENT.”

  • Invest in cybersecurity training for your organization. Ransomware attacks can be triggered by a single employee. Everyone in your organization, regardless of their position, should be trained to recognize cyber threats and suspicious behavior.

Worried about your network’s security? Interested in providing cybersecurity training for your organization? Nodal can help! Contact us today.