For as long as Mac computers have been available, the proud users of Apple products have thought that they were safe from viruses and other online security threats. Being safe from viruses was one of the big reasons to consider using a Mac system in the first place. In some cases, users viewed that as justification for the price difference between Apple and PC or Android products. However, things change. Up until recently, Ransomware was not an issue, but it is now a very real threat to Mac users.
Although Ransomware is not as popular on Mac as it is within the Windows-based community, and there are not quite as many Ransomware variants that can infect Mac machines, they are out there. This means that if Mac Ransomware is already available, expect the threat to grow.
By the way, the first Ransomware code being developed for Mac OSX was discovered in 2014. However, that code was never completed and it was subsequently abandoned. Some claim that the code had been accidentally leaked, and apparently that was why it was abandoned. Who knows?
Patcher and KeRanger
The two known variants are Patcher and KeRanger. Both of these Ransomware variants work in a similar way by encrypting the files on a computer and then later demanding a ransom be paid in order to have those files decrypted. Both of these (Patcher and KeRanger) were created sometime in 2016 or 2017. Some claim that they are the work of the same developers but that’s unverified. KeRanger has infected about 7,000 users by tricking people into downloading an infected BitTorrent client.
Once installed, it encrypts files and demands a ransom. The tricky part about the download is that the application actually snuck through Apple security with a ‘legitimate’ certificate. This permits the application to install just fine without anyone suspecting that they are installing a virus.
Mac is the safest computer operating system in the world, right? Well, maybe not so much anymore.
Patcher is the newest one and to date, it has affected hundreds of Mac users. This one takes advantage of people, well, people who don’t like to pay for software. A download of an Office Crack/Patcher seemed like a sure thing, but instead of activating your Office, it encrypts files and…wait for it…demands a ransom.
So, what is the moral of the story here?
Simple. Pay for your software and never download cracked software. As it turns out now, Mac is not so much better than PC in this department.
Macworld has issued a complete list of active Mac Ransomware variants and, believe it or not, that list is far from short. You can take a look at it here. When I went over it, I counted 12 different Ransomware names. Ouch! And this list, as I mentioned already, is expected to grow considerably.
While decryption was somewhat possible in some cases on Windows-based machines for some older Ransomware variants, you can forget about decryption tools for Mac. To date, there are no available decryption tools for any of the Mac-based Ransomware out there.
Sadly, the only way you will be able to get around a Mac Ransomware infection is to bite the bullet and pay the ransom demand. That is, if the developers of Mac-based Ransomware choose decryption over sending you decryption keys as part of the ransom demand.
So, what is the solution here?
Well, if Mac expects to continue to be the ‘better’ operating system on computers it has to start to take into account how real a threat Ransomware has become for its users. Mac is no longer bulletproof. This means that future Mac OSX versions will have to feature a real update on security and firewall protection.
Remember, the way in which early Ransomware got past Mac security was with a fake (okay, according to the system it passed as legit) certificate. The list of known Mac Ransomware variants is growing and each Mac OSX update will have to address these.
I’ve explained before that hackers and Ransomware developers are a smart bunch of people. They will likely always be about a step ahead of the Mac OSX developers. But for now, if you have been a Mac user forever because of how safe you felt when online, that reality has changed.
I do expect Apple will step up and do everything possible to push their product back to the level where it has been from the very start. In fact, I view Mac-based Ransomware as a sign that in the online world of hacking, no one is truly safe from infection, and with something as nasty as Ransomware, it was only a matter of time before it reached the Mac community.
Yevgeniy Kapishon is a hardcore techno enthusiast, a senior data recovery engineer and a blogger at ADRS® Aesonlabs Data Recovery Systems, living in Toronto, Canada. In his free time, he likes to wander and explore the back alleys of his neighborhood or carve into his favorite sci-fi flicks.