
MacRansom – new RaaS targeting Apple users

Learn comprehensive details of MacRansom, a RaaS portal that breaks new ground by providing cybercrooks with full-fledged ransomware for macOS.

The Ransomware-as-a-Service model has been gaining momentum in the cybercrime underground over the past several years. Anyone with some money and time on their hands has thus been able to buy sophisticated malicious code on the dark web and become a crypto-extortionist. However, it is only now that this option has become available for attackers targeting Mac devices. The so-called MacRansom Ransomware-as-a-Service scheme suits even attackers with the lowest tech skills: the system provides sophisticated malware in a user-friendly manner.

This is not the first instance of Mac ransomware, in spite of the fact that most of the encryption-for-ransom attacks are designed for and deployed on Windows OS.

Malware distributors have gotten used to Windows ransomware available on a turnkey basis. Complex malicious code is presented in such a way that the distributors hardly need any proficiency to operate the attack. This is the first time low-level crooks can try the same scheme tailored to macOS.

MacRansom product page

This brand new MacRansom RaaS, reported by security enthusiasts, runs its advertising campaign via TOR. Its website is only available with the Tor Browser and advertises incredible features of this Trojan. The ads somewhat exaggerate its benefits, yet MacRansom is the first ransomware that basically anyone can use to hack macOS for ransom.

An examination of the Mac ransomware completed by IT security specialists reveals that the infection has a countdown timer. This enables the attackers who directly drop the Trojan to postpone the crypto-payload execution.

The encryption hits up to 128 files only. This means the ransomware either operates in trial mode or is a bit simpler than other instances in circulation.

The impacts remain quite significant as the encrypting plague scrambles essential items like timestamps on the Mac device. This ensures any ransom-free recovery tools cannot properly restore the affected data.

MacRansom attack

The attackers demand that victims pay 500 to 1000 USD. Actually, the ransom is payable in Bitcoin and amounts to 0.25 BTC, but its dollar value may vary greatly as the cryptocurrency, though steadily growing, may fluctuate significantly. The ransomware states it is going to destroy the decryptor unless the payment is made within a week. To learn how to pay the extorted amount, victims are supposed to contact the crooks via the email address indicated in the ransom note.

Again, as compared to Windows ransomware which hacks nearly every bit of data, MacRansom is a rather moderate and crude threat. Meanwhile, it still causes real damage to its victims.

The IT security industry has expressed its concern about RaaS schemes that inspire newborn cybercriminals to engage in spreading and developing Mac encryption malware.

Researchers also observe that MacRansom is yet another proof of ransomware dominating the current malware ecosystem regardless of OS affected.

The crooks behind MacRansom do not restrict their malicious actions to encryption-for-ransom. They readily deploy spyware attacks, also tailored for macOS.

MacSpy is also available for affiliate distribution. The offer is free in its basic edition enabling scammers to log keystrokes, view the hacked device remotely, as well as intercept files shared via iCloud.

This is a far cry from what such Trojans actually do in Windows OS. However, it clearly shows the hackers are stepping into Mac's domain with actually quite dangerous tools that potentially can develop into a devastating threat.

Users tend to suppose that, as long as they operate macOS, they are almost completely safeguarded from any cyber-attacks. This opinion is getting obsolete as we observe onslaughts increasingly targeting Apple devices.
