Over the last several years, LockBit has become one of the most powerful ransomware gangs. While it has focused on Windows, Linux, and virtual host machines, it looks like the group has developed its first ransomware for Macs.
Discovered by MalwareHunterTeam (via Brett Callow), what seems to be the first ransomware build designed for macOS has surfaced on the web. While it’s not fully clear, it may also be the first time a major ransomware gang is targeting Apple devices.
As a bit of background, LockBit is believed by security analysts to be a Russian-based group as most of the members are Russian-speaking. However, the leader has said he operates out of the US or China.
LockBit has grown as it runs a ransomware-as-a-service (RaaS) operation. That approach means the group lets others use their ransomware – for a price.
It looks like this LockBit ransomware was created for Apple Silicon Macs, with the build name being “locker_Apple_M1_64”.
While infosec Twitter account vx-underground mentioned this LockBit ransomware for Mac showing up in one place with a date of November 2022, MalwareHunterTeam says they haven’t found any mentions of it online, and I found the same. So if it has been around since last fall, it appears to have gone under the radar until now.
In any case, MalwareHunterTeam believes this is the first public alert about LockBit going after Apple devices. And with the gang’s RaaS approach, it’s possible we could see an incoming wave of ransomware attacks targeting Macs.
Curiously, while the M1 ransomware build may grab the most attention, a LockBit ransomware build is also showing up for PowerPC Macs.
Speaking with Wired earlier this year, Jon DiMaggio from Analyst1 shared that one of the reasons LockBit has grown so powerful is its leader’s business savvy.
“They are the most notorious ransomware group, because of sheer volume. And the reason for their success is that the leader is a good businessman,” says Jon DiMaggio, chief security strategist at Analyst1 who has studied LockBit’s operations extensively. “It’s not that he’s got this great leadership capability. They made a point-and-click ransomware that anyone could use, they update their software, they’re constantly looking for user feedback, they care about their user experience, they poach people from rival gangs. He runs it like a business, and because of that, it is very, very attractive to criminals.”