Magpie Tech Tips

June 14, 2017

Warning: A New Ransomware is Targeting Macs

MacRansom is the latest ransomware targeting Macs. While MacRansom itself isn't a big threat, the fact that ransomware-as-a-service now targets Mac users is.

Mac users, take heed! A new ransomware has invaded the Web...and it targets Macs.

MacRansom: Offered as Ransomware as a Service—Fortinet Blog

The new Mac ransomware is called “MacRansom.” Not very original, but what it does is no joke.

How MacRansom Attacks

Like other ransomware, it will encrypt important files on your computer. Documents, MacOS apps, and so on. It then demands 0.25 Bitcoin (about $700) from you within 7 days, or you lose those files forever.

MacRansom gets onto your computer through an infected link, emailed to you. The email may even look legitimate, but the link is definitely not!

The Bigger Danger: Ransomware-as-a-Service Now Aimed at Mac Users

We asked Thomas Reed, Malwarebytes’ Director of Mac Offerings, about MacRansom. He said it didn’t concern him too much—MacRansom is a little unsophisticated, which makes it easier to defeat.

The bigger problem is Ransomware-as-a-Service. In the past few years, ransomware authors have distributed their software out to others, for their use. The author gets a fee, while other cybercriminals use the software to target whomever they want.

The MacRansom creator distributed it on a darkweb site, in exchange for a percentage of the ransoms taken. What makes it unusual…and dangerous for everyone…is that this is the first time ransomware-as-a-service targeted Mac users.

PC users have had to deal with ransomware-as-a-service since its inception, around mid-2015. Now Mac users have to as well.

How to Stop MacRansom

If you do receive a MacRansom-infected email, you have two chances to stop it from encrypting your Mac.

  1. Never click links in emails you weren't expecting, or don't recognize.
  2. If you do click a MacRansom-infected link, you'll see a warning like this: "This software is from an unidentified developer. Run anyway?"
    DO NOT click Open! Click Cancel, and notify your IT Support team right away.

Thomas also said a real-time anti-ransomware product is in the works for Macs, which will block things like MacRansom. Another reason why we encourage all computer users, PC or Mac, to use Malwarebytes software.

We'll bring you more details as information becomes available. If you do encounter suspicious emails, please contact us at support@planetmagpie.com.

Happy computing!