Upcoming Webinar
Understand How Your Peers Approach AD Forest Recovery
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
Unlocking the Secrets of App Security!
In this episode of UnplugIT, Stephen Rose talks to IT expert and technology engineer Sean Hurley about how to secure apps in the cloud.
Essential Eight + Microsoft 365 Backup Compliance
This download allows you to demonstrate exactly how the technology you use keeps customers covered and compliant.
UK Ransomware Guidelines + M365 Backup Compliance
This download allows you to demonstrate exactly how the technology you use keeps customers covered and compliant.

Researchers Uncover New LockBit Ransomware Created to Encrypt Files on macOS

Security researchers have discovered a new LockBit ransomware that’s designed to target macOS devices. The MalwareHunterTeam detailed on Twitter that the malware enables threat actors to encrypt files stored on Arm-powered Macs.

LockBit is a Russian-based group that has historically targeted Windows PCs, Linux, and virtual host machines. The gang has been running ransomware-as-a-service (RaaS) operations since 2019. Over the years, the LockBit group has deployed its malware against many high-profile targets in several countries.

Interestingly, Twitter user vx-underground found that the macOS variant of the LockBit ransomware has been available since November 2022. The malware has infected around 1,000 organizations worldwide. Security researchers believe that the LockBit gang managed to steal tens of millions of dollars from the victims.

https://twitter.com/malwrhunterteam/status/1647520640268746752?ref_src=twsrc%5Etfw

LockBit ransomware doesn’t pose a real threat to Mac devices

Apple security expert Patrick Wardle has performed a detailed analysis of the macOS version of LockBit. He found that the malware can encrypt files on macOS, but it currently doesn’t pose any real threat. Wardle also pointed out that LockBit uses an invalid digital signature, and it can’t run easily on a Mac device. The built-in security features (such as System Integrity Protection (SIP) and Transparency, Consent, and Control (TCC)) will help to significantly reduce its impact.

“While this may be the first time a large ransomware group created ransomware capable of running on macOS, it’s worth noting that this sample is far from ready for prime time. From its lack of a valid code-signing signature to its ignorance of TCC and other macOS file-system protections as it stands it poses no threat to macOS users,” Wardle explained.

Emsisoft threat analyst Brett Callow explained that the LockBit ransomware for Mac is currently in its early development stages. Moreover, he confirmed that there is no evidence it has been exploited in the wild. “It is, however, an indication that LockBit is, or at least was, thinking about Macs,” Callow said.

by Rabia Noureen
Apr 18, 2023

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

Streamlining SaaS Governance: How Nudge Security Simplifies Compliance and Security Management for Cloud Apps

Oct 30, 2023
Nov 03, 2023
The Ultimate Guide to Web Application Firewalls (WAF)

Jun 20, 2023
The Dirty Truth About IT Offboarding Automation

Jul 21, 2023
Aug 25, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.