Posted on 06/13/2017 8:58:06 AM PDT by Swordmaker
Security researchers have discovered a ransomware variant that targets Macs rather than Windows PCs.
Although technically inferior to most current ransomware targeting Windows, it still encrypts or prevents access to victim's files, thereby causing real damage, according to researchers at Fortinet.
MacRansom uses symmetric encryption with a hard-coded key to hijack files on compromised Macs. The ransomware only encrypts a maximum of 128 files, according to Fortinet's analysis.
The malware is being offered through a ransomware-as-a-service delivery model so even the relatively clueless can try making money with the nasty. No coding experience is needed. Would-be crooks can contact the author and obtain malicious code through a portal on the dark net, Fortinet discovered.
The ransomware demands 0.25 bitcoin (around $700) for decryption keys. The author remits 30 per cent to the Bitcoin address of his script kiddie accomplices once he's been paid. The role of the script kiddie is restricted to distributing the nasty using booby-trapped emails or direct installation. The author discourages drive-by download attacks or other approaches that involve uploading customised versions of the nasty to cleartext websites.
It is up to you to decide whether you wish to take further action such as clearing your surfing history for the past hour, day, or week (all probably unnecessary), or to clear cookies from the last visited sites. Clearing History is accomplished by going in the Safari Menu and selecting the bottommost menu choice of "Clear History. . ." and selecting the time period you desire. Clearing Cookies is done by going into Safari menu Preferences/Privacy and under "Website and Cookie Data. . ." clicking on the "Manage Website Data", then clicking in the empty window to populate it, and then finding the URL of the correct website and clearing the Cookies of the one you wish to clear.
Under no circumstances should you call the number on the ransomware alert. The only phone number you should call is the police.
Please buy an external backup drive (they can be purchased for around $70) and enable Time Machine. A couple of days later your hard drive with all your data will be backed up. This is your ultimate protection against Ransomware. The most you'd be ever out is some of your time to restore your data.
In the old days, a horse thief or cattle rustler would be hung, because the horse and the cattle were effectively a person’s life and livelihood.
This ransomware stuff is the same thing.
These people should be hung.................
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
You are much too kind. Drawing and Quartering, after being staked out in the sun on a red ant hill is too kind. . .
My suggestion is requiring them to be a Syphilis preservation area for the preservation of the Treponema Pallidum bacteria, then, after gelding them, sentencing them to lifetime confinement with no treatment for the syphilis. . . as cellmates to sadistic child molesters. . . Have you ever seen a person suffering from tertiary and end stage Syphilis? It ain't pretty.
Why are they not killed with some kind of government hit squad?
Because government hit squads are reserved for those who stand up to the elite.
They are more likely to be recruited by the NSA, CIA, or FBI. . . they need coders who can hack.
Thanks, SM. Advice bookmarked - but also stored in a text file which doesn't require Safari to read . . .
Are they joking?
All it takes is encrypting ONE file, if it's the right one, and a user could lose anything from a day's work to their business, depending on their backup strategy (or lack of one).
This is a clear and present threat, and I consider it quite serious.
Swordmaker, I greatly appreciate your posting this. I've got Mac users here at work that I will be talking to about this soon.
You make an EXCELLENT point. I would go a step further.
IMO, this is a form of warfare. These people have effectively declared war on the population of the US. Not only civilians, but often government offices are targeted.
In the old days, a country and its wealth was measured by the land it controlled. Today much of a country’s wealth is in the information it has. Ransomware attacks both the information and a country’s financial wealth.
Or have dirt on the Clintons....
bookmark
They cannot touch any system files. They cannot touch any Application files. That requires an administrator name and passcode. They cannot touch any Library files. Same thing. The only thing they can touch would be user files. They could, conceivably look for most recent files in the documents folder and encrypt the most recent 128 files there. That could be devastating for someone who is working on an important project who is not using Time Machine.
However, the encryption of 128 files is not going to hose most people's entire set of documents, photos, etc. It also would not affect any office that used a server that stored their documents on a centralized file system, unlike some of the Windows Ransomware attacks. It will affect only one user's files and even then only a limited number of those, even on a multi-user Mac.
So, in the respects of comparison, it isn't as much of a threat.
Those are the files that are easy to replace with a reinstall of the OS. Nice that they're protected, but... it doesn't matter compared to the unique and possibly irreplaceable personal files.
> The only thing they can touch would be user files. They could, conceivably look for most recent files in the documents folder and encrypt the most recent 128 files there. That could be devastating for someone who is working on an important project who is not using Time Machine.
Yep. Anyone on a Mac who is -not- using Time Machine is missing the point big-time.
> However, the encryption of 128 files is not going to hose most people's entire set of documents, photos, etc.
You and I know that "128" is a very round number in a computer. I suspect it's arbitrary, and could even be a mistake. There's probably nothing whatsoever stopping the malware artist from changing that to anything else. So I don't accept an assessment of "not a big deal" simply because this happens to limit at 128.
> It also would not affect any office that used a server that stored their documents on a centralized file system, unlike some of the Windows Ransomware attacks. It will affect only one user's files and even then only a limited number of those, even on a multi-user Mac.
On this we agree completely. LAN-wide encryption could kill a business flat-out.
> So, in the respects of comparison, it isn't as much of a threat.
Yep.... So far.