The notorious LockBit ransomware group is apparently developing malware capable of encrypting files on devices running Apple’s macOS operating system. Researchers have analyzed the malware to determine what threat it really poses.
Security researchers have discovered a brand new version of LockBit ransomware. Indeed, a group of security researchers known as MalwareHunterTeam said they had recently found evidence ofa version of Lockbit ransomware designed to compromise macOS devices, that is, the Mac and MacBook laptops from the American manufacturer.
As far as the group knows, the announcement marks the first public notification that Lockbit ransomware could be used against Apple computers, although it appears the gang has offered this capability since last fall. As a reminder, it was he who was offered for free access on social networks last September, which represented a real coup in the sphere of hacking.
Apple Macs are no longer immune to LockBit
A new version called “locker_Apple_M1_64” would be able to infect Apple Macs. Historically, Lockbit, which is based in Russia, uses encryptors designed to attack Windows, Linux and VMware ESXi servers. Lockbit is particularly known for attacking the giant Thales, and the group even targeted the Ministry of Justice in France last year.
However, researchers found a ZIP archive on Virus Total, containing previously unknown ciphers for macOS, ARM, FreeBSD, MIPS and SPARC. The MalwareHunter team couldn’t find any reference to LockBit ransomware targeting Macs before an early version appeared in November last year, and no one mentioned its existence until April 16 this year. So we might see an influx of Mac ransomware infections, especially if the LockBit gang decides to bring the Mac version to the mainstream.
Lockbit for Mac is not yet ready, says another researcher
Apple security expert Patrick Wardle analyzed the macOS version of LockBit and found that although it can work on Macs and is able to encrypt files, it does not present a real risk for the moment. According to him, the analyzed malware sample was signed, but not with a trusted certificate, meaning macOS was preventing it from working. Additionally, even if such ransomware manages to run on a macOS device, the file system protections implemented by Apple, such as TCC (Transparency, Consent, and Control), are likely to considerably limit its impact.
The cybersecurity researcher even pointed out some flaws in the software, which can cause it to stop suddenly when running on macOS. Whether this version does not really seem to be very ready to succeed in threatening the security of Apple usersnothing says that a next version will not correct all these problems.
What is known is that in addition to using it for its own purposes, the group also gives access to its ransomware to other criminals willing to pay. With the prospect that others may use it, it is logical that ransomware attacks against Macs will increase in the near futurebut we will of course keep you informed.
According to an indictment the US Department of Justice released last fall, LockBit is “ one of the most active and destructive ransomware variants in the world “. Although it recently lost its crown as the most dreaded ransomware, it is still extremely dangerous.
Contrary to popular belief, Apple systems are also very vulnerable to threats, and not all of them are more secure than their competitors. Not only is there also ransomware on MacBooks, but also dangerous security vulnerabilities that can allow hackers to take control of your device remotely.
