Ransomware for Mac is nothing to worry about - for now

Writing ransomware is easy, but getting it installed on Macs would be harder

Apple computers haven't been impacted by ransomware, a pervasive and insidious class of malware that encrypts files on a computer in exchange for a ransom.

That's not because Apple's operating system is any more secure than Windows; it's more that malware writers haven't gotten around to writing ransomware for OS X since infecting Windows machines has been so profitable.

However, a Brazilian security researcher, Rafael Salema Marques, decided to show how easy it would be for malware writers to target OS X in a polished experiment that took him a couple of days.

It's not the first time security researchers have tried their hand at writing ransomware for Macs. In September, OS X security expert Pedro Vilaca posted proof-of-concept code on GitHub for his Mac ransomware.

Marques hasn't released the full code for his project, called Mabouia, but he has shared it with Apple and Symantec, which confirmed in a blog post that it works as advertised.

Marques also created a tongue-in-cheek mock website landing page for those who are supposedly infected.

The website purportedly offers tiered service plans: the "Not As Important" plan, which costs US$50, is good for recovering 20 files. Full decryption of all files costs $100.

It's quite funny, but ransomware is no joke, and it has affected companies and consumers in devastating ways.

The FBI said in June that it had received 992 complaints through its Internet Crime Complaint Center about the infamous Cryptowall ransomware over a one-year period. Victims reported losses of more than $18 million.

Fees to get the decryption key can range from a few hundred to thousands of dollars, and the cybercriminals behind the scams have been known to not release the key even if they're paid.

Marques published a video showing how the malware works, but he didn't specify how a user would actually get infected, which is usually a much harder task than developing the malware.

Patrick Wardle, an OS X security expert with Synack, said it is likely that if users encounter Mac ransomware, they would have to be tricked into running it, a kind of technique known as social engineering.

Apple uses a security technology called Gatekeeper that will block apps from running that aren't in its Mac App Store or are from identified developers. It basically helps save people from themselves if they are fooled, Wardle said.

But Wardle has found ways around Gatekeeper in the past through software flaws that are now patched by Apple. His expertise though is far beyond that of a ransomware writer, but there's an easier infection route.

Hackers could try to buy a developer's certificate from Apple, which costs $99, to digitally sign the ransomware so Gatekeeper wouldn't stop it. But Wardle said Apple usually quickly revokes certificates that end up in the wrong hands.

Still, the experiments by Marques and Vilaca show how easy it would be for ransomware writers to diversify if they wanted to.

"I'm sure we will see more Mac ransomware," Wardle said.

Join the CSO newsletter!

Error: Please check your email address.

Tags Macsecurityransomware

More about AppleApple.FBIMacsSymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts