
macOS turtle ransomware: No need to hide in your digital shells

Published Dec 4th, 2023 12:07PM EST


There’s a new macOS turtle ransomware in town. You don’t need to hide in your digital shell, but you might want to take it slow and avoid having your Mac compromised.

This new macOS ransomware was discovered and analyzed a few days ago by Objective-See (via AppleInsider), and it’s one of those attacks you should be aware of. Still, it’s no reason to change your habits if you know how to navigate online.

Internal references in the analyzed data show the hackers call this attack “Turtlerans,” “TurnmiRansom,” and “TurtleRansom,” so BGR isn’t inventing a name for this malware. As expected, it works with Windows and Linux and was recently ported to macOS.

Objective-See goes deep into the malware, but long story short, your Mac should probably block a possible attack, as you need to actively let it run on your computer. If the attack is successful, here’s what happens to each file: “It reads it into memory, encrypts it with AES (in CTR mode), renames the file, then overwrites the file’s original contents with the encrypted data. Pretty standard ransomware logic,” the blog post reads.

Interestingly, this turtle ransomware is also pretty easy to decrypt (I mean, if you know, you know). That said, the reason to be concerned about this malware is less that your files could be stolen at this moment and more that its authors have set their sights on macOS.

How do you protect yourself from this macOS turtle ransomware?

First and foremost, the publication praises Apple for implementing technologies to protect OS-level files. So, if you have an Apple silicon Mac, your computer is even more protected against attacks that aim at the system’s core files.

In addition, to protect yourself, just make sure to download software and files from places you trust, such as the Mac App Store, or directly from developers or websites you know. Before this ransomware attacks, it will ask for access to your files. So, if you’re not sure what you’re downloading – or a third-party application wants access to something for no reason – don’t do it/don’t let it.

José Adorno Tech News Reporter

José is a Tech News Reporter at BGR. He has previously covered Apple and iPhone news for 9to5Mac, and was a producer and web editor for Latin America broadcaster TV Globo. He is based out of Brazil.