Ransomware for macOS or OS X on the Apple Mac, iMac, and MacBook is not very common, but it is not impossible either. Malware that locks files or even the entire hard drive in order to extort bitcoins for their release can be ordered on the Darknet. Such an offer is called Ransomware-as-a-Service (RaaS). Fortinet, a company founded in 2000 that offers digital security solutions, has taken a look at MacRansomware, which is offered as ransomware as a service for macOS and OS X, and has analyzed this malware for would-be hackers.
By the way: further below, this post also covers MacSpy, spy software for the Mac.
The features of MacRansom as advertised on the Darknet: a current ransomware for macOS that can encrypt files on the Apple Mac, MacBook or iMac. (Source: fortinet.com)
In a nutshell, ransomware is software that locks a computer's hard drive or encrypts it completely. The user then no longer has access and is shown a message demanding a ransom for the release of the data. Usually a fairly high amount is demanded in Bitcoin. Ransomware usually arrives by email, on USB sticks or the like. You can find a detailed article on the subject here: Data backup: backup copy as protection against ransomware.
MacRansomware is not the first ransomware to hit Apple computers. For example, about a year ago this blog already covered KeyRanger, a similar piece of hacker software for OS X. As Fortinet points out in its analysis of the current case, the software now circulating also builds on earlier code such as that of KeyRanger, even if it is touted as the new and also “best Mac ransomware” on the corresponding Darknet portal. Incidentally, ransomware for Mac systems is released so rarely because around 91.64% of privately used computers still run Windows.
In its analysis of the MacRansom ransomware, Fortinet shows a lot of ambition and sets out the e-mail traffic with the programmer / provider, details about the sender taken from the mails, program code, explanations of individual lines of code, etc. If you are interested in this, click the link at the beginning of this paragraph. Here I want to give you a brief overview of the findings:
After MacRansom has run, the ransom note with contact details and a demand for 0.25 Bitcoins is displayed on the affected Mac. (Source: fortinet.com)
A small digression into the digital financial world: Bitcoin is not a very stable currency. The price tends to fluctuate a lot, which makes the value of the extortion money very flexible in the case of ransomware. In March 2017, the value of 1 Bitcoin was under €1,000; in June the peak so far was over €2,500. We are currently talking about €525 for 0.25 Bitcoin.
Bitcoin price for the last 3 months; Status: mid-June 2017. (Source: finanzen.net)
If you are asked for permission on the Apple Mac, iMac or MacBook before the unknown program is executed, then you are fine. This is not so often the case with ransomware on Windows. On an Apple computer you should only run programs that you can identify. In addition, you should always have the current operating system on your computer. Antivirus software can't hurt either, and a regular backup, either on an external hard drive or in the cloud, ensures that your important data is still accessible even if the local copy is encrypted.
In addition to the ransomware MacRansom, spy software is also offered on the said platform, likewise on the Darknet, as Malware-as-a-Service (MaaS). MacSpy is the name of the digital spy, which is said to take up less than 30 MB and is therefore relatively “invisible”. Thanks to the Tor proxy browser, its operation is also said to be untraceable.
The features:
Source: alienvault.com
But these are just the features of the free version. According to AlienVault.com, where you can find an extensive analysis of MacSpy, there is the possibility of receiving a more extensive version for an unknown amount of Bitcoins. The "Advanced Features" of MacSpy include:
Source: alienvault.com
According to Alien Vault's analysis, which is just as extensive and informative as Fortinet's MacRansomware analysis, MacSpy works. As described there, the affected Mac is read out and the data can be retrieved via a command and control server (CnC). So the program poses a risk of total espionage.
The analysis gives no indication that the Apple computer running OS X or macOS shows any notice about the program. MacSpy is therefore to be viewed more critically than MacRansom. If you want to know whether you are affected or how you can get rid of the malware, then take a look at Alien Vault.
Even if Apple Macs currently only have a market share of around 6.34% in the private sector, this share is growing. That makes OS X and macOS more and more attractive to hackers and other cyber criminals. You can protect yourself with regular updates of the OS, an antivirus program, backups and a bit of caution. Good luck with it!
After graduating from high school, Johannes completed an apprenticeship as a business assistant specializing in foreign languages. But then he decided to research and write, which resulted in his independence. For several years he has been working for Sir Apfelot, among others. His articles include product introductions, news, manuals, video games, consoles, and more. He follows Apple keynotes live via stream.