Researchers Discover Ransomware Targeting Mac OS

Despite many people still thinking that Mac OS is safe from malware and viruses, Apple’s operating system is increasingly becoming a target for hackers and cyber criminals.

To illustrate this point, security researchers at Fortinet this week discovered a Ransomware-as-a-Service (RaaS) offering that specifically targets Mac OS, sold through a web portal hosted on the Tor network and used to compromise devices.

After contacting the author via email and masquerading as hackers, the researchers were able to get access to a sample of the ransomware for analysis.

Mac-targeting

Upon opening the ransomware, the first thing it does is check that it is running on a Mac environment and that it is not being debugged. If these conditions are met, it creates a launch point which imitates a legitimate file to remain hidden on the device.

Once a specific ‘trigger time’, agreed in advance with the author, is reached, it starts encrypting targeted files, up to a maximum of 128.

“As with other crypto-ransomware, the encryption algorithm is the core component that we spent most of our analysis time on,” the researchers write.

“Our goal was to find any RSA-crypto routine, however this piece of crypto-ransomware is not as sophisticated as other OSX crypto-ransomware that have been previously disclosed. It uses symmetric encryption with a hardcoded key to hijack the victim’s files.”

The ransomware uses two symmetric keys: a ‘ReadmeKey’ to decrypt a readme file containing the ransom note and instructions, and a ‘TargetFileKey’ to encrypt and decrypt the victim’s files.

However, Fortinet notes that the encrypted files can no longer be decrypted once the malware has terminated. This is because the TargetFileKey never resides in the device’s memory and there is no function to communicate back to any C&C server, so there is no readily available copy of the decryption key.

“It is not every day that we see new ransomware specifically targeting Mac OS platform,” Fortinet concludes. “Even if it is far inferior to most current ransomware targeting Windows, it doesn’t fail to encrypt victim’s files or prevent access to important files, thereby causing real damage.

MacRansom is yet another example of the prevalence of the ransomware threat, regardless of the OS platform being run.”


Sam Pudwell

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.
