Ransomware on the Mac: How do I protect myself?

M.Sc. Chris Wojzechowski

Ransomware on the Mac: is there such a thing? Mac users often feel particularly safe and do not expect to be attacked. This is partly because the system has been less of a target for hackers in the past. But that is changing more and more.

With its increasing popularity, the Mac has become a much bigger target than it was a few years ago. The more established and widespread the hardware becomes, the more rewarding it is for attackers to gain access to the devices. And never before has the Mac been as popular as an end device as it is today. It is therefore logical that attackers are increasingly targeting Macs.

There is something else about the Mac that plays into the hands of hackers. The Mac is mainly used in agencies, companies and by business customers, although certainly not exclusively. This in turn means that every Mac contains potentially valuable data. And that makes it interesting for a ransomware attack.

What ransomware is exactly and how it works

The term ransomware is derived from the English word “ransom”. Ransomware is therefore about extortion, which is why the term extortion Trojan has become established. It is software that installs itself without being asked in order to then blackmail the affected user directly on their computer. In some cases, there is even ransomware that prints out its ransom messages on all printers on the network.

The process is usually quite similar. Although there are different types of extortion Trojans, they all have an almost identical goal. In the end, it’s always about money and about completely encrypting a PC (or in this case, a Mac).

Ransomware locks all content through encryption, extorts money from its victims and unlocks the data after successful payment. However, on the one hand, the unlocking is never completely certain, and on the other hand, a leak has evidently taken place, so all data has potentially become public. So a ransomware attack has far-reaching consequences.

How Ransomware works on the Mac

The Mac is also increasingly at risk. This was demonstrated by a recently surfaced malware that posed as legitimate software. The malware was able to bypass the macOS Gatekeeper technology completely.

Mac users, however, as mentioned before, often tend to regard themselves as too small or insignificant. But the more hackers can automate their attacks, the more likely they are to attack even supposedly uninteresting victims, simply because it is possible and because potentially every victim has an interest in buying back their data.

There is no guarantee that ransomware on the Mac will only encrypt your data. Depending on the attack, the data can also be copied or stored elsewhere. The data can still show up in hacker forums years later.

Protection against Ransomware on the Mac

Cybersecurity doesn’t start with the Mac or Windows PC, but with very basic aspects. First and foremost, protection on the Internet is essential. Especially when you receive e-mails, you should never just click on links. Double check that the e-mail is authentic and that the links redirect to the correct website.

Attachments or downloads from unknown sources in particular should be avoided. Protect yourself by downloading only official software from Apple’s App Store. Also, do not bypass this blocking and do not override any macOS security settings just to be able to install a particular piece of software. This is almost never necessary with legitimate software, which can be installed and used in the normal way.

By the way, this also applies to open source software. Especially for freely available programs, there are always websites that are designed in a modern style and rank well on Google. These websites then often appear to be the official websites, although they are just elaborate pages built to give exactly that impression. This works well with open source because the official websites are often rather ugly or the programs are only available via GitHub and the like. A fancy website will look deceptively real.
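To check whether the security settings mentioned above have been switched off on a Mac, the following script can be used. It is an added example, not part of the original article: it reads the output of the macOS tools spctl (Gatekeeper) and csrutil (System Integrity Protection), and the function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: report macOS protections that have been switched off.
# The parsers take command output as text, so the constructed samples below
# exercise them on any system.

# True if `spctl --status` output says Gatekeeper assessments are enabled.
gatekeeper_enabled() {
    case "$1" in *"assessments enabled"*) return 0 ;; *) return 1 ;; esac
}

# True if `csrutil status` output reports SIP as fully enabled.
# A custom configuration counts as weakened.
sip_enabled() {
    case "$1" in
        *"Custom Configuration"*) return 1 ;;
        *"status: enabled"*) return 0 ;;
        *) return 1 ;;
    esac
}

# True if `spctl --assess` output shows Gatekeeper accepting an app bundle.
app_accepted() {
    case "$1" in *": accepted"*) return 0 ;; *) return 1 ;; esac
}

# Print one line per weakened protection; exit status = number of findings.
audit() {
    findings=0
    gatekeeper_enabled "$1" || { echo "FINDING: Gatekeeper is disabled"; findings=$((findings + 1)); }
    sip_enabled "$2" || { echo "FINDING: SIP is not fully enabled"; findings=$((findings + 1)); }
    return "$findings"
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_GK="assessments disabled"
SAMPLE_SIP="System Integrity Protection status: enabled."

if [ "$(uname -s)" = "Darwin" ]; then
    # On a Mac, feed the live command output into the same checks.
    audit "$(spctl --status 2>&1)" "$(csrutil status 2>&1)" || true
    # Optional: pass an app bundle path as the first argument.
    if [ -n "${1:-}" ]; then
        if app_accepted "$(spctl --assess --type execute --verbose "$1" 2>&1)"; then
            echo "OK: $1 is accepted by Gatekeeper"
        else
            echo "FINDING: $1 is rejected by Gatekeeper"
        fi
    fi
else
    audit "$SAMPLE_GK" "$SAMPLE_SIP" || true
fi
```

Run without arguments it checks the system-wide settings; with the path of a downloaded app it also reports whether Gatekeeper would accept that app.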

Our conclusion on Ransomware on the Mac

We are not surprised that ransomware has now arrived on the Mac. Mac users often thought, and still think, that they were too well secured. However, macOS also has potential entry points that need to be considered and monitored. Moreover, no one is too small or too unimportant to fall victim to a ransomware attack. Programs like LuLu or Little Snitch help to keep an eye on the connections under macOS. With such tools, dubious or suspicious connections are usually noticed very quickly. It is often the additional rights granted or exceptions in the security settings that then open the door for potential attackers.

For more information, feel free to read through a few of the articles on our blog. There you will find detailed explanations not only on the topic of ransomware, but also in relation to phishing and other areas of cybersecurity.

M.Sc. Chris Wojzechowski

My name is Chris Wojzechowski and I studied my Master in Internet Security in Gelsenkirchen a few years ago. I am one of two managing directors of AWARE7 GmbH and a trained IT Risk Manager, IT-Grundschutz practitioner (TÜV) and possess the test procedure competence for § 8a BSIG. Our bread and butter business is performing penetration testing. We are also committed to promoting a broad understanding of IT security in Europe, which is why we offer the majority of our products free of charge.