Apple’s Macs Have Long Escaped Ransomware, But That May Be Changing

LockBit, a notorious ransomware gang, has developed new ransomware capable of encrypting files on Apple’s macOS operating system. This marks the first time that a big-game ransomware group has created a macOS-based payload. Samples of the macOS variant have been circulating since November 2022 but managed to evade detection by anti-malware engines until now.

LockBit, known for its ties to Russia, has been active since late 2019 and released significant updates in 2021 and 2022. In March 2023, LockBit emerged as the second most commonly used ransomware after Cl0p, with 93 successful attacks recorded.

An analysis of the new macOS version reveals that it is still a work in progress and relies on an invalid signature, so Apple’s Gatekeeper protections prevent it from running.

Security researcher Patrick Wardle notes that the macOS variant appears to have originated as a Windows-targeting ransomware. However, even if developing Mac ransomware may not be the highest priority on every attacker’s to-do list, the field is shifting and it is definitely worth keeping an eye on.