It’s no secret that malware tends to be more of a significant issue for PC users than Mac users. And while Apple’s advertising materials might suggest otherwise, this isn’t due to the fact that Macs are impervious to malware and inherently more secure. On the contrary, malware creators prioritize Windows simply because it’s the most widely used computing platform on the planet. While macOS certainly has layers of sophisticated security, its paltry market share has long made it an unattractive target for all types of malware, including ransomware.
In recent years, however, we’ve seen an increase in malware specifically targeting Mac users. And just this week, security researchers from MalwareHunterTeam made a startling discovery. For the first time, it seems that ransomware creators are trying to develop code capable of infecting macOS machines.
For context, ransomware is an insidious form of malware that encrypts a user’s files, rendering them impossible to open. If a user wants to regain access to their files, they have to pay a ransom in the form of a Bitcoin payment in exchange for a decryption key.
MalwareHunterTeam writes that evidence of LockBit ransomware attempting to target Macs first emerged in November of 2022. If LockBit sounds familiar, it’s because it tends to be in the news quite often. Just this week, the ransomware infected Venezuela’s largest bank. In previous months, LockBit has infected government institutions and hospitals.
The US Department of Justice has previously said that LockBit is one of the “most active and destructive ransomware variants in the world.” All told, it’s believed that the LockBit ransomware group — which is believed to have ties to Russia — has generated well over $100 million in ransom payouts over the years.
Mac ransomware is still in its infancy
Security researchers found that the LockBit ransomware, while still in its infancy, not only targets new Macs, but older Macs with PowerPC processors as well. I can’t imagine there are many people still using Macs that are that old, but it does show how wide of a net the ransomware group is casting.
The good news, though, is that all of the work targeting Macs appears to be in its preliminary form.
Researchers say the LockBit Mac ransomware appears to be more of a first foray than anything that’s fully functional and ready to be used. But the tinkering could indicate future plans, especially given that more businesses and institutions have been incorporating Macs, which could make it more appealing for ransomware attackers to invest time and resources so they can target Apple computers.
For now, Wardle notes that LockBit’s macOS encryptors seem to be in a very early phase and still have fundamental development issues like crashing on launch. And to create truly effective attack tools, LockBit will need to figure out how to circumvent macOS protections, including validity checks that Apple has added in recent years for running new software on Macs.
As usual, safety-minded MacOS users should make sure to keep their system up to date and refrain from clicking on suspicious links. An Apple guide on how to best secure your Mac from all forms of malware is viewable here.