Ransomware has been slow to come to the Mac because its comparatively small market share makes it a less appealing audience for cybercriminals. The first successful program was only detected in March 2016.
This week, security companies Fortinet and AlienVault announced they have found another campaign. The program is being offered by its creators as “ransomware-as-a-service,” a model that lets other hackers download the software in exchange for a one-time payment.
The creators of the ransomware, called MacRansom, claim to be “engineers at Yahoo and Facebook.” In a post published on the MacRansom purchase site, they said they built the utility because the Mac platform “lacks sophisticated malewares.” After coming to the conclusion that people “need such programs,” they built MacRansom and released it to the dark web.
Fortinet contacted the authors using the email address on the webpage. After pretending to be a hacker looking to use the tool, the firm was sent a download link to the program. After reverse engineering the software, the researchers ascertained that MacRansom is a credible threat. It possesses the features that its creators claim and can encrypt files on Mac PCs.
Although it’s fully functioning, Fortinet said that the encryption routine is less sophisticated than modern ransomware attacks on Windows machines. The company also discovered that files encrypted by MacRansom may not be recoverable. While the creators claim to offer decryption capabilities, the software’s code suggests the key is thrown away after the encryption is complete.
The ransomware’s creators also offer another tool to cybercriminals targeting Mac machines. Macspy is a free spyware program that acts as a basic key logger and privacy invader. When installed, it monitors keypresses, listens in to the computer’s microphone and takes screenshots at the request of its controller.
Fortinet and AlienVault said that MacRansom and Macspy demonstrate that no platform is fully secure. While hackers have so far concentrated ransomware attacks on Windows machines, developments in the past year have shown that Macs are at increasing risk too. Fortinet stated that there “are no perfect mitigations” to avoid the threat.
“MacRansom is yet another example of the prevalence of the ransomware threat, regardless of the OS platform being run,” the company said. “There are no perfect mitigations against ransomware. However, the impact can be minimized by doing regular backups of important files and being cautious when opening files from unidentified sources or developers.”
If your computer is infected with ransomware, you should generally not pay up. As MacRansom proves, there is no guarantee you’ll be able to recover your files after you transfer the money. It’s best to take preventive action against malware techniques to limit how many of your files are exposed. A robust backup routine can be of great help in the event that disaster strikes.
