When the massive WannaCry ransomware attack struck last spring, many Mac users breathed a sigh of relief once investigators revealed that only Windows PCs were infected. For some, the incident only confirmed that they already believed: Macs don’t get viruses.
If you were among them, you might want to brace yourself for a shock: Macs can get viruses, and ransomware targeted to Macs is very real, and very dangerous.
Only A Matter Of Time
While undoubtedly, Windows machines are the No.1 target for ransomware, it’s never a good idea to become complacent when it comes to securing your devices. And while Macs have, by and large, seen far fewer large-scale attacks and aren’t infected with malware nearly as often Windows PCs, the threat is growing.
This is in large part due to market share, as in the past, there weren’t enough Macs to make it worth hackers’ time to develop malware that would attack Apple products. However, as the company’s market share has grown, that’s no longer the case. Yes, Apple still uses a proprietary operating system that is harder to crack, but as criminals become more sophisticated, the likelihood of Mac-focused malware increases.
In fact, one recent study found that Mac malware increased 744 percent in 2015. The majority of that malware was irritating adware, and not necessarily harmful, but there were still some more dangerous viruses that could potentially infect Macs. In fact, last year there were a few larger-scale attacks on Macs, including one that caused Macs to crash by infecting Safari and Apple Mail, and another that captured screen shots from computers.
In terms of ransomware, one of the first examples of the malware “in the wild” was discovered in 2016. The “KeRanger” ransomware was being spread via torrenting software, and like all other ransomware, demanded a payment in order to restore functionality to the machine and unencrypt files. In this case, the ransom was one Bitcoin, or about $400. What made this ransomware particularly interesting is that it appeared to be attempting to encrypt the computer’s Time Machine files as well, effectively preventing the user from circumventing the attack and restoring the computer using the most recent backup.
Another interesting point about the “KeRanger” ransomware is that it did something that most hackers haven’t been able to do: It was able to exploit Apple’s own security certification. The malware was signed using a valid mac app development certificate, so it got through Apple’s Gatekeeper protection which has been largely successful in preventing such attacks from taking place. Apple immediately revoked the security certificate for the app when the ransomware was discovered, and users who downloaded the Transmission torrent installer during a specific time were advised to run checks on their machines, but the damage was already done.
The KeRanger attack is not the only example of ransomware targeting Macs. Another form of ransomware, “Patcher” circulated on BitTorrent sites purporting to be a “crack” for popular software like Microsoft Office 2016. However, instead of bypassing the software activation requirements as it claimed, the code was actually a Trojan horse for ransomware. And in another case, a popular video transcoding program was infected with a remote-access Trojan, which gained access to the program via a faux security certification.
So how do you protect yourself?
Ransomware is a serious problem in the world of cybersecurity, and no one is immune to its effects. Even if you use a Mac, it’s important to protect yourself, and avoid a false sense of security.