How to protect your mac from ransomware

Some of the most high-profile ransomware cases in recent memory include the WannaCry and Petya outbreaks in 2017, which infected hundreds of thousands of Windows PCs around the world. However, ransomware such as EvilQuest targets Mac computers specifically. If you have a Mac, follow the security best practices below to avoid getting infected.

What is Mac ransomware?

Ransomware is a type of malicious software that holds computer systems hostage until a ransom is paid in gift cards, or cryptocurrency like Bitcoin or Ethereum. It’s typically distributed using phishing emails, but it can also spread via unsecured networks.

When Macs are infected by ransomware, users won’t be able to access their data since it’s encrypted. Ransomware messages may also threaten to release the information to the public or destroy sensitive data if victims don’t pay within a certain deadline. Healthcare and finance organizations, in particular, are more likely to pay the ransom because these organizations tend to have a lot of valuable assets, including money, and can’t afford to lose access to their critical data.

Types of Mac ransomware

In 2016, the KeRanger ransomware was distributed through the popular BitTorrent app Transmission. KeRanger was signed with an authorized security certificate, allowing it to evade macOS’s built-in security measures and infect more than 7,000 Mac computers.

Patcher was another strain of Mac ransomware that was discovered in 2017. This type of ransomware disguised itself as a patching app for programs like Microsoft Office. When launched, Patcher would encrypt files in user directories and ask for a ransom paid in Bitcoin. But the ransomware was poorly built, so there was no way to retrieve the decryption key once the ransom was paid.

In 2019, the EvilQuest ransomware encrypted files and tried to trick users into paying a Bitcoin ransom. Much like Patcher, however, there was no feature to decrypt files after paying, leaving those who paid the ransom with nothing.

Ransomware attacks like these can make a resurgence at any time, which is why you need to be prepared in case of an attack.

An ounce of prevention goes a long way

Preventive measures are the best way to keep your Macs safe from ransomware. This involves updating your software regularly to defend against the latest threats and only installing programs from the official App Store.

Since ransomware initially infects computers using phishing emails, make sure to avoid suspicious links and email attachments. Always be on alert even if the email appears to come from a legitimate company or someone you know.

You must also maintain offline backups and have a disaster recovery plan to keep your business running in the off chance that ransomware successfully infiltrates your systems.

Responding to ransomware

If your Mac is infected with ransomware, do not pay the ransom fee, as there’s no guarantee that hackers will provide a decryption key and release your data even if you give in to their demands.

Instead, use an up-to-date anti-malware program to remove ransomware from your computer. Cybersecurity experts may also release free ransomware decryptor tools to remove the infection, so keep an eye out for these on the internet. If these programs and tools don’t work, contain the spread of the ransomware by disconnecting from the network and run data recovery procedures, provided you’ve backed up your data in an external hard drive or the cloud.

Mac ransomware attacks may not be common, but they still pose a great threat to your business. If you need more guidance, contact our team of security experts today. We stay abreast of the latest Mac security threats and know just how to keep your business safe.

How to protect your mac from ransomware

Ransomware is a malware attack where attackers threaten to publish your data online, encrypt files, deny access to your files, or even expose your online activity unless you pay a ransom. Despite Apple’s tight built-in security features, ransomware is growing rapidly and becoming an increasingly common threat.

Anybody can be a victim of ransomware, and that is why you need the best ransomware protection to guard your Mac and ensure the best security. Below are a few tips to help you safeguard your Mac from ransomware.

Update your macOS Regularly

To protect your device from malware, it is crucial to keep your software and OS updated. Running an update gives you the latest security patches, which makes it harder for cybercriminals to exploit vulnerabilities in your software and so improves your ransomware prevention. It helps to have a device management strategy under which updates are installed automatically. To set this up, open System Preferences and click the App Store icon. Tick “Automatically check for updates”, and your machine will be set to download updates automatically.

Install Anti Malware Software

Some third-party apps are essential tools for protecting your machine, since they scan for potential threats and fix them. You can download tools such as a Mac cleaner that offer all-round protection. The app gives protection against data miners, trojans, and recent browser hijackers. The app also helps you delete tracking cookies and erases sensitive details like browser history to protect your privacy. By running a diagnostic check on your Mac regularly, you have a better chance of catching ransomware before it does damage. You can also install antivirus software that will keep your Mac protected.

Back Up Your Data

It is also smart to play it safe. There are plenty of ways to back up your data outside your computer. It is advisable to maintain duplicate backups of your data, for example on a cloud-based drive such as Dropbox or Google Drive. Cloud storage lets you return to a previous version of a file, making it possible to recover an unencrypted version. Backed-up data remains safe if you experience a ransomware attack. It is therefore crucial to also keep everything copied on an external hard drive. Be sure not to leave it connected to your computer when not in use; if it is left plugged in, the data on it can be encrypted too.

Download from Official and Trusted sites

Downloading media files or software from an unknown website increases the risk of infection. It is vital to use verified and trusted sites when you want to download something. Most reputable websites have markers you can recognize to show they have been verified. For example, secure sites use “https,” which is symbolized by a green padlock icon in the address bar instead of “http,” denoted by a red padlock icon to show the site is not secured. HTTPS only shows that the connection to the site is encrypted, so a padlock alone does not prove that a download is safe. It is also crucial to avoid clicking on pop-up windows, since hackers use such pop-ups and fake websites to spread malware.

Wrap Up

Macs have hardware and software security features that make them quite secure. However, it is still necessary to protect your Mac from ransomware and malware in general by taking active measures to boost its security. Pick a few tips, and always stay alert!

How to protect your mac from ransomware

As a result of Apple's tight grip, macOS has a reasonably good security reputation, but no platform is safe from attack. Ransomware is just one example, and it is a growing concern. Here's how to keep your Mac healthy.

Knowing What Ransomware Does

As the name implies, ransomware takes your device, or the information stored on it, hostage and demands a ransom for its safe return. Some ransomware, especially early Windows ransomware, locked you out of your computer entirely. A more prevalent approach, however, is to encrypt your data with a key you don't know.

With your computer or data held hostage, the attackers then demand payment to restore access. The ransom may be cash sent via a wire transfer, such as PayPal or Western Union, gift card codes for services such as Xbox Live, or Bitcoin or other untraceable cryptocurrencies.

Although ransomware could restore access to your device or data once you have paid up, there is no guarantee. Some ransomware is known to delete data outright, making recovery impossible. That's why engaging with a scam like this is always a bad idea.

Sadly, many people are embarrassed that they were caught out in the first place, which makes it even more tempting to play along with the scam. The nefarious ways in which ransomware spreads make it more likely that the victim will pay to save face.

There are, thankfully, some ways you can defend yourself. Much like many other online scams, avoiding actions that put you at risk in the first place is the safest thing you can do.

Always Be Careful Online

Pirated software isn't the only way malware spreads. Just about any executable file might be a threat, so it's a good idea to use common sense whenever you download and install software. This is one of the reasons Apple implemented Gatekeeper, which favors apps from the Mac App Store and apps signed by approved Apple developers.

When you try to install an application that violates these rules, Gatekeeper will inform you that the software will not be installed, since it's not from an identified developer. You can choose to override this (under System Preferences > Security and Privacy). You then assume, however, any risk involved in running applications that could have come from anywhere.

However, it is important to remember that the vast majority of unsigned software is not malicious. For an app to become Gatekeeper compliant, its author must register as an Apple developer and pay $99 a year. As a result, many legitimate projects remain unsigned because of budgetary limitations. This applies in particular to open-source projects that rely on volunteer programmers who only contribute their time.

If you trust a creator, then you can verify the validity of a file using an MD5 hash. Alongside a download page, most developers provide an alphanumeric, cryptographic hash. You'll know that no one has tampered with the file if the hash of the file you downloaded matches the one provided by the creator.
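An added example (not from the original article) of the comparison described above: it hashes the downloaded file and compares the result with the value copied from the developer's page, picking MD5 or SHA-256 from the digest length. The function names are assumptions made for illustration; where a developer publishes a SHA-256 value, prefer it, since MD5 is no longer collision-resistant.

```shell
#!/bin/sh
# Added example: verify a download against the hash its developer published.

# hash_file ALGO FILE -> prints the lowercase hex digest of FILE
hash_file() {
    case "$1" in
        md5)
            if command -v md5sum >/dev/null 2>&1; then
                md5sum "$2" | awk '{print $1}'
            else
                md5 -q "$2"                 # macOS ships md5, not md5sum
            fi ;;
        sha256)
            if command -v sha256sum >/dev/null 2>&1; then
                sha256sum "$2" | awk '{print $1}'
            else
                shasum -a 256 "$2" | awk '{print $1}'
            fi ;;
        *) return 2 ;;
    esac
}

# verify_download FILE PUBLISHED_HASH
# returns 0 on match, 1 on mismatch, 2 on unusable input
verify_download() {
    local file="$1" expected actual algo
    # Tolerate pasted whitespace and upper-case hex.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    case "$expected" in
        ''|*[!0-9a-f]*) echo "not a hex digest: $2" >&2; return 2 ;;
    esac
    case ${#expected} in
        32) algo=md5 ;;
        64) algo=sha256 ;;
        *)  echo "unsupported digest length: ${#expected}" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    actual=$(hash_file "$algo" "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK ($algo): $file"
        return 0
    fi
    echo "MISMATCH ($algo): $file hashes to $actual" >&2
    return 1
}

# Stand-alone use: ./verify.sh <downloaded-file> <published-hash>
if [ "$#" -eq 2 ]; then
    verify_download "$1" "$2"
fi
```

A match only shows that the file is the one the hash was computed from, so take the published value from the developer's own site rather than from the page that hosts the download.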

It's also true that while all applications in the Mac App Store are Gatekeeper-friendly, malware has existed in both iOS and the App Store in the past. Generally, though, the App Store is the safer option, since software there is subject to a higher degree of scrutiny.

Avoid pirated software

Pirated software is one of the key vectors for spreading ransomware. Malwarebytes found the "ThiefQuest" ransomware hiding in an installer for a cracked version of Little Snitch in June 2020. There were also indications that the malware had found its way into pirated versions of DJ applications, like Ableton Live and Mixed In Key 8.

After originally being posted to a Russian forum dedicated to sharing cracked apps, these installers spread through BitTorrent. These torrents circulate far and wide and are tracked by "mainstream" trackers like The Pirate Bay. You don't have to search the internet for dubious forums to come across potentially tainted installers.

Piracy poses a very real risk of infecting your computer with malware because pirates frequently change installation files or provide additional patches designed to crack the apps in question. You never know what you're downloading, even if a torrent appears to be legitimate or is released by a company you're familiar with.

Also, if you don't know the source, be careful with software passed around by friends or acquaintances. Although getting pricey software for free can be enticing, it could cost you a lot more than the price of a license.

macOS has many features that help protect your Mac and your personal data from malicious software, or malware. One way malware is distributed is by embedding it in harmless-looking apps.

You can reduce this risk by using only software obtained from reliable sources. The Security & Privacy preferences let you specify the sources of the software installed on your Mac.

On your Mac, choose Apple menu > System Preferences, click Security & Privacy, then click General.

If the lock at the bottom left is locked, click it to unlock the preference pane.

Select the sources from which you allow software to be installed:

App Store. Allows only apps downloaded from the Mac App Store. This is the most secure setting. All developers of apps in the Mac App Store are identified by Apple, and each app is reviewed before it reaches the store. macOS checks the app before it opens for the first time to make sure it has not been modified since the developer shipped it. If a problem occurs with an app, Apple removes it from the Mac App Store.

App Store and identified developers. Allows apps from the Mac App Store and apps from identified developers. Identified developers are registered with Apple and can submit their apps to Apple for a security check. If problems occur with an app, Apple can revoke its authorization. macOS checks the app before it opens for the first time to make sure it has not been modified since the developer shipped it.

Besides apps, other types of files can also be unsafe. Scripts, web archives, and Java archives can potentially harm your system. Of course, not all such files are dangerous, but you should take care when opening any downloaded file. A warning appears when you are about to open such a file for the first time.

How to protect your mac from ransomware

Q: Do Mac users need to be worried about ransomware or is it just a Windows problem?

A: Ransomware continues to be one of the most lucrative attacks that cyber-thieves have in their bag of tricks. In 2019, there was a 41% increase in attacks with the associated costs estimated to be in the $7.5 billion range.

While Windows-based computers have always been a much bigger target because there are more potential victims, ransomware specifically targeting macOS has been around since 2016.

The Newest Threat

A recently discovered threat specifically targeting macOS users, named ‘EvilQuest’, has significantly stepped up the damage it does to victims.

Not only does it encrypt data files and hold them hostage, it also installs a keylogger, tries to steal crypto-currency wallet info and provides the hacker with full remote control of the computer, even if the ransom is paid.

It seems to randomly select files to encrypt, which can include critical system files such as the login keychain. The damage done by this particular malware is so insidious that the only known way to completely remove the infection is to format your entire storage disk and then reload everything from scratch or from a clean backup.

Distribution Method

This particular ransomware program was first found hiding inside of another program, allowing it to sneak in when the host program gets installed, kind of like a Trojan Horse.

Although it’s been associated with pirated software downloads so far, there’s nothing to keep the bad guys from exploring other options. Hiding it inside another program makes it much more difficult for traditional signature based anti-virus programs to detect the malware.

You can go to this page on VirusTotal to see which security programs have updated their signatures to specifically detect this code.

As always, it’s best to stick to reputable sites or the Apple App Store for installing any new software program.

Check for Torrent Programs

We know that this is currently being spread through pirated versions of very popular or expensive software programs available on various ‘torrent’ sites, which is a shady part of the Internet.

Specific programs are needed in order to download programs for free from these torrent sites, so it’s a good idea to check your Mac for them, especially if you have kids.

Some of the more popular programs include Folx, qBittorrent, uTorrent, Transmission, Xtorrent, BitTorrent, Vuze, BitLord and FrostWire. You can manually search the Applications folder or use the Spotlight search (the magnifying glass icon in the upper right corner) to see if they exist.

If you find one of these programs on your Mac, it would be advisable to do a thorough security scan of your entire computer and have a discussion about the dangers of torrent downloads with the family member that is using it.
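The manual search described above can be scripted. This added example (not part of the original column) looks for app bundles named after the torrent clients listed above in the system-wide and per-user Applications folders; the function names and the choice of folders are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: inventory a Mac for the torrent clients named in the article.

TORRENT_APPS="Folx qBittorrent uTorrent Transmission Xtorrent BitTorrent Vuze BitLord FrostWire"

# find_torrent_apps [DIR...] -> prints the path of every matching .app bundle
# With no arguments it checks /Applications and ~/Applications.
find_torrent_apps() {
    local dir name
    [ "$#" -gt 0 ] || set -- /Applications "$HOME/Applications"
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for name in $TORRENT_APPS; do
            # -iname ignores case; the trailing * also catches versioned
            # bundle names such as "Folx 5.app". -maxdepth 2 includes apps
            # filed one folder down.
            find "$dir" -maxdepth 2 -type d -iname "${name}*.app" 2>/dev/null
        done
    done | sort -u
}

# audit_torrent_apps [DIR...] -> returns 0 if nothing is found, 1 otherwise
audit_torrent_apps() {
    local hits
    hits=$(find_torrent_apps "$@")
    if [ -z "$hits" ]; then
        echo "No known torrent clients found."
        return 0
    fi
    echo "Torrent clients found; run a full security scan of this Mac:"
    printf '%s\n' "$hits" | sed 's/^/  /'
    return 1
}

# Stand-alone use: ./torrent-audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_torrent_apps
fi
```

The non-zero return value makes the function usable as a compliance check in a management script; an empty result does not rule out clients installed under a different name or run from a disk image.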

The Best Protection

No matter which ransomware strain hits you, your choices are either to pay the ransom or lose the files forever, unless you have a detached or off-site backup.

Anything attached to your computer such as an external hard drive or USB drive will be locked down by the malware, which is why online backups are very effective against this growing threat.

It is more important than ever to safeguard your digital assets from increasing risks and threats. Have you heard already of Ransomware and Shadow IT? Today, I would like to talk about these two serious risks and give you some tips to protect yourself from them.

Let's start with ransomware, which is one of the darkest threats today.

What exactly is Ransomware?

Ransomware is malware that encrypts files on other computers. The blackmailers who encrypt these files then threaten not to give the data back to you unless you pay them a large amount of money. One-third of British companies have already been affected by ransomware according to an article at infosecurity-magazine.com.

How can the risk of ransomware infection be reduced?

The risk of infection by malware like ransomware can be reduced through comprehensive patch management. Most computers are particularly vulnerable to attack because they are not on the current patch level, or because the default configuration allows the user to open unsafe applications. A Mac can be secured quite quickly by regularly installing the latest security updates and by configuring the security settings that control which programs can run. This can be accomplished with a client management tool like Parallels Mac Management for Microsoft SCCM. Parallels Mac Management extends your existing Microsoft SCCM to manage Macs like you manage PCs. It allows centralized rollout of the current patches for the operating system and applications and ensures a secure client.

Another dark risk is shadow IT.

What exactly is Shadow IT?

Shadow IT is the use of software, hardware, and IT systems that are not officially released and supported by the IT department. This includes the use of cloud services such as Dropbox or OneDrive that employees use for work without permission from the IT Admin. Shadow IT results in insecure data, as sensitive information can end up in unsafe channels and can also be attacked by Trojans such as ransomware. A client management tool like Parallels Mac Management can detect unlicensed software on end devices to reduce its use.

I hope this article gave you a better understanding of two big risks we have to face nowadays and how to protect yourself from them.


How to protect your mac from ransomware

Mac owners need to be careful about what they download after researchers discovered new ransomware disguising itself as a popular app.

Circulating through torrent sites and first found on a Russian forum, the malware installer camouflages itself as an installer for the legitimate Little Snitch app. Popular among torrenters, Little Snitch lets users monitor and filter network traffic so they can prevent or allow others to connect to networks using advanced rules.

Mac users attempting to download the app need to be extra careful about what link they use as the wrong one could lead to a ransomware attack. As Malwarebytes Labs notes, it can be difficult to tell real from fake as the faux installer is “attractively and professionally packaged, with a well-made custom installer that is properly code signed.”

The malicious app would download the legitimate Little Snitch installer along with a nasty script used to load malware. Fortunately, the hidden attack isn’t particularly effective. As Malwarebytes Labs learned, the malware installs but “the attempt to run the Little Snitch installer got hung up indefinitely, until I eventually forced it to quit.” Also, the malware failed to encrypt anything even after it was running for a long time and fed decoy documents as bait.

Eventually, the malware would infect your Mac and spread its way throughout your hard drive. However, during Malwarebytes Labs’ experiment, it only started to encrypt files after a number of settings were intentionally changed to encourage malicious behavior. And once it got going, the malware “wasn’t particularly smart about what files it encrypted” and it failed to send a ransomware request.

How to protect your MacBook

As Malwarebytes Labs points out, the best way to avoid having your data stolen is by creating backups. Once you have a backup, you can erase your hard drive and restore it.

“Keep at least two backup copies of all important data, and at least one should not be kept attached to your Mac at all times. (Ransomware may try to encrypt or damage backups on connected drives.)”

Being careful about what links you press is another surefire way to avoid malware. Only download programs from legitimate websites — never go through a forum or use a link from someone you don’t know.

This is a good time to recommend anti-virus software. Malwarebytes for Mac will detect and remove this particular attack.

Having spent some years coding applications for macOS we’ve created a tool that everybody can use. The all-round problem fixer for Mac.

So here’s a tip for you: Download CleanMyMac to quickly solve some of the issues mentioned in this article. But to help you do it all by yourself, we’ve gathered our best ideas and solutions below.

Features described in this article refer to the MacPaw site version of CleanMyMac X.

Locky is the nickname of a crypto-ransomware that infects computers by encrypting files and preventing user access. Cybercriminals use it to scare victims into handing over money. They hold encrypted data to ransom and demand payment for a decryption key that can restore inaccessible files. But nobody guarantees that after making a payment, you will get your data back unscathed.

The good news is that you can remove Locky ransomware from your computer in no time without the need to pay the ransom. In this article, we’ll show you how to get rid of this malware in a few simple steps and protect your Mac from future threats.

What is Locky ransomware?

In February 2016, Locky authors used the Necurs botnet to run a massive spam campaign, sending emails carrying malicious code designed to encrypt users’ data. The ransomware quickly spread throughout the world but affected North America and Europe the most. Since that time, it has become one of the fastest-multiplying members of the ransomware family.

The initial extension of encrypted files was LOCKY. As the malware evolved, new versions appeared, introducing new file extensions.

Locky often names its extensions after gods of Egyptian and Norse mythology: ODIN, THOR, AESIR, LOPTR, and OSIRIS. There were also SHIT, DIABLO6, ZEPTO, and ZZZZZ. The latest known file extensions are LUKITUS, YKCOL, and ASASIN.
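As an added triage example (not from the original article), the following script searches a folder tree for files that carry any of the extensions listed above and counts them per extension. The function names are assumptions made for illustration, and a hit is a lead for further investigation rather than proof of infection.

```shell
#!/bin/sh
# Added example: look for files renamed with the Locky extensions named above.

LOCKY_EXTS="locky odin thor aesir loptr osiris shit diablo6 zepto zzzzz lukitus ykcol asasin"

# list_locky_files DIR -> prints every regular file under DIR whose final
# extension is in LOCKY_EXTS (case-insensitive)
list_locky_files() {
    local root="$1" ext first=1
    set --                          # build the find expression in "$@"
    for ext in $LOCKY_EXTS; do
        [ "$first" -eq 1 ] || set -- "$@" -o
        set -- "$@" -iname "*.${ext}"
        first=0
    done
    find "$root" -type f \( "$@" \) 2>/dev/null
}

# count_by_extension DIR -> "COUNT EXTENSION" lines, most frequent first
count_by_extension() {
    list_locky_files "$1" |
        awk -F. '{ n[tolower($NF)]++ } END { for (e in n) print n[e], e }' |
        sort -k1,1nr -k2,2
}

# Stand-alone use: ./locky-scan.sh <folder>
if [ "$#" -eq 1 ]; then
    count_by_extension "$1"
fi
```

Running it against a user's home folder and against a mounted backup shows how far the encryption reached and which backup snapshots predate it.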

Locky ransomware attacks individual users and large businesses. One of the first significant attacks hit primarily the healthcare sector as well as the transportation, telecom, and manufacturing industries. The virus is best known for a high-profile infection at a hospital in Los Angeles, which paid a $17,000 ransom to recover its data.

How did Locky get on my computer?

Ransomware authors spread the infection via fraudulent emails similar to those used by the Dridex malware, which focuses on stealing banking information. The email is designed to make you believe that it comes from a reputable company. It always includes an attachment which you’ll be asked to download. Usually, it’s a Word, Excel, or ZIP file disguised as an invoice. Here is a typical scam email with the Locky virus:

Please find an invoice attached below. Make a payment according to the terms listed at the bottom of the invoice.

Let us know if you have any questions.

We greatly appreciate your business!

How does Locky ransomware work?

Locky is a big player in the malware industry. It’s powerful enough to encrypt over 160 different file types, including videos, images, and Office files. Although Locky tends to infect Windows, it also attacks macOS. Here is how it works:

  1. You download and open an attached document.
  2. Content in the document looks like gibberish.
  3. A warning message advises you to enable macros so that the content can be displayed correctly. But this social engineering technique is used as bait to trick you.
  4. By enabling macros, you activate a malicious script that installs Locky malware on your computer.
  5. The virus begins to lock specific files, rename them to a weird combination of letters and numbers and change extensions.

Once the files are encrypted, Locky starts demanding ransom from you. It asks you to install the Tor browser and make a payment in Bitcoin (BTC) to get the decryption key. Generally, ransom varies from 0.5 to 1.0 BTC, which equals about $3600–$7200 as of December 2019.

How to remove Locky ransomware

First of all, you should ignore the ransom demand. Never follow the steps described in the ransom note. There is no guarantee that the scammers will keep their promises and restore your files. By fulfilling their demands, you’ll encourage cybercriminals to expand their grim business and use your money to attack even more users.

To remove the Locky virus, you need to run anti-malware software and let it do its job. There are several useful tools available for Mac, both free and paid. I opt for CleanMyMac X by MacPaw. It’s approved by Apple, which means I can completely trust this software.

With its user-friendly Malware Removal module, CleanMyMac X turns Locky ransomware removal into a piece of cake.

Here is how to use it:

  1. Launch CleanMyMac X (download it here for free).
  2. Select Malware Removal from the sidebar.
  3. Hit the Scan button and let it look for malware.
  4. If anything suspicious is found, click Remove to get rid of it. That’s all!

Locky virus removal won’t decrypt or restore affected files. There is no practical method to decrypt them. The only thing you can do to recover your data is to restore it from backup. That’s why regular updates and backups of your device are so crucial.

How to protect your Mac from Locky

Prevention is always the best protection strategy. Stay vigilant and follow these simple tips to keep your computer safe from Locky or other types of ransomware:

  1. Avoid opening any suspicious attachments or links. Make sure you know and trust the source of the document before opening it.
  2. Disable all macros in Office for Mac by default and never enable them in any dubious documents you get. Open Word, Excel, or PowerPoint, go to Preferences > Security & Privacy and choose desired settings.
  3. Regularly back up your files to cloud storage or external drive.
  4. Install system and software updates and patches as soon as they are released.
  5. Scan your Mac for malware threats. You can do this automatically by turning on real-time protection. Click on the CleanMyMac X menu, go to Preferences > Protection, and enable the monitor to let it scan your computer in the background.

Locky employs all the top ransomware features, such as colossal spam email campaigns, a BTC payment gateway, different scripting languages, and server-side encryption. Luckily, it’s not too difficult to keep your Mac clean and protected from this or any other type of ransomware. With CleanMyMac X, you can be sure that nothing goes unnoticed thanks to its vast database of malware threats. It checks your Mac in the background, ensuring your data and files are safe.
