Researchers Discover Ransomware Targeting Mac OS

Despite many people still thinking that Mac OS is safe from malware and viruses, Apple’s operating system is increasingly becoming a target for hackers and cyber criminals.

To illustrate this point, security researchers at Fortinet this week discovered a ransomware-as-a-service (RaaS) offering that specifically targets Mac OS, using a web portal hosted on the TOR network to compromise devices.

After contacting the author via email and masquerading as hackers, the researchers were able to get access to a sample of the ransomware for analysis.

Mac-targeting

When the ransomware is opened, the first thing it does is check that it is running in a Mac environment and that it is not being debugged. If these conditions are met, it creates a launch point which imitates a legitimate file to remain hidden on the device.

Once a specific ‘trigger time’, agreed in advance with the author, is reached, it starts encrypting targeted files, up to a maximum of 128.

“As with other crypto-ransomware, the encryption algorithm is the core component that we spent most of our analysis time on,” the researchers write.

“Our goal was to find any RSA-crypto routine, however this piece of crypto-ransomware is not as sophisticated as other OSX crypto-ransomware that have been previously disclosed. It uses a symmetric encryption with a hardcoded key to hijack the victim’s files.”

The ransomware uses two sets of symmetric keys: a ‘ReadmeKey’ to decrypt a readme file that contains the ransom notes and instructions, and a ‘TargetFileKey’ to encrypt and decrypt the victim’s files.

However, Fortinet notes that the encrypted files can no longer be decrypted once the malware has terminated. This is because the TargetFileKey doesn’t ever reside in the device’s memory and there is no function to communicate back to any C&C server, so there is no readily available copy of the decryption key.

“It is not every day that we see new ransomware specifically targeting Mac OS platform,” Fortinet concludes. “Even if it is far inferior from most current ransomware targeting Windows, it doesn’t fail to encrypt victim’s files or prevent access to important files, thereby causing real damage.

“MacRansom is yet another example of the prevalence of the ransomware threat, regardless of the OS platform being run.”


Sam Pudwell

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.
