MacRansom Targets Macs With Ransomware-as-a-Service

MacRansom is a new type of ransomware that targets Mac operating systems. The malware has several bugs, but that won’t stop it from causing major headaches. Its existence also points toward a future with more ransomware attacks on Mac OS X, which has long been on the sidelines of these cyberattacks.

The First Ransomware-as-a-Service That Affects Mac OS X

MacRansom is not the first strain of ransomware to target a Mac operating system. That distinction goes to KeRanger, whose makers somehow obtained a valid developer signature from Apple. That allowed them to bypass Gatekeeper and infect approximately 7,000 Apple computers.

MacRansom does not have a developer signature, but its authors have a way around that. They offer the ransomware for free download with instructions on how to physically install it on someone’s computer. The person who infects the computer sets the ransom amount and the developers take a percentage of any profits.

In the FAQ on the MacRansom portal, the developers say the ransomware is for people who want to “covertly retaliate against another Mac user” or “who want to earn easy money from unsuspecting family members, friends, colleagues and classmates.” Yikes!

MacRansom Has Flaws, But It Can Still Encrypt Your Files

The security experts at Fortinet who discovered MacRansom found several bugs in the programming. For one, it appears to encrypt a maximum of 128 files. That’s the good news.

MacRansom's TOR portal discovered by Fortinet.
MacRansom’s TOR portal discovered by Fortinet.

The bad news is that the MacRansom authors may not have the ability to decrypt files even after victims pay the ransom. Because the code has several design flaws, the decrypt key may disappear for good after the files are encrypted.

This is one of the most frustrating aspects of ransomware. A victim can pay as a measure of last resort and the attackers may not even have the ability to restore the files they encrypted.

MacRansom Hints at Wild Future

This particular strain of ransomware may struggle to gain a foothold in the crowded malware industry. However, it demonstrates how hackers are filling the niches in a blossoming market.

By offering their ransomware for free, the MacRansom authors could convince kids, disgruntled employees, or anyone else with an axe to grind to infect someone’s machine. Since someone downloads the ransomware directly onto your computer, there’s not much you can do to protect yourself. Worst of all, the encryption can be set to initiate when the computer user inserts a USB drive in order to throw them off the scent of who really infected their computer.

Ransomware Makes Cloud Storage More Attractive

Cloud storage isn’t completely immune to malware. However, service providers are more likely to keep recent backups in multiple places, which safeguards against ransomware attacks. Furthermore, cloud storage providers should do more than the average computer user to protect themselves from a cyberattack.

These things make cloud storage for important files particularly attractive. Of course, you can always back up files on a hard drive, disconnect it, and move it somewhere secure. The tools for causing havoc are increasing all the time, so be sure to protect yourself.

Leave a Reply

Your email address will not be published. Required fields are marked *