LockBit Ransomware Samples For Apple Macs Hint At New Risks For MacOS Users

An anonymous reader writes: Security researchers are examining newly discovered Mac ransomware samples from the notorious gang LockBit, marking the first known example of a prominent ransomware group toying with macOS versions of its malware. Spotted by MalwareHunterTeam, the samples of ransomware encryptors seem to have first cropped up in the malware analysis repository VirusTotal in November and December 2022, but went unnoticed until yesterday. LockBit seems to have created both a version of the encryptor targeting newer Macs running Apple processors and older Macs that ran on Apple's PowerPC chips. Researchers say the LockBit Mac ransomware appears to be more of a first foray than anything that's fully functional and ready to be used. But the tinkering could indicate future plans, especially given that more businesses and institutions have been incorporating Macs, which could make it more appealing for ransomware attackers to invest time and resources so they can target Apple computers. "It's unsurprising but concerning that a large and successful ransomware group has now set their sights on macOS," says longtime Mac security researcher and Objective-See Foundation founder Patrick Wardle. "It would be naive to assume that LockBit won't improve and iterate on this ransomware, potentially creating a more effective and destructive version." For now, Wardle notes that LockBit's macOS encryptors seem to be in a very early phase and still have fundamental development issues like crashing on launch. And to create truly effective attack tools, LockBit will need to figure out how to circumvent macOS protections, including validity checks that Apple has added in recent years for running new software on Macs. "In some sense, Apple is ahead of the threat, as recent versions of macOS ship with a myriad of built-in security mechanisms aimed to directly thwart, or at least reduce the impact of, ransomware attacks," Wardle says. "However, well-funded ransomware groups will continue to evolve their malicious creations."

Read more of this story at Slashdot.