Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
I've only heard of one instance of ransomware on the Mac.
That was a hacked version of an app named "Transmission" (torrent downloader) a few years back.
It was quickly detected and dealt with.

Do YOU know of any recent ransomware attacks?
If so, please tell us...
 
Anyone here got hit by ransomware?
No but I can tell you how not to get hit by it. Avoid downloading pirated software. That's the fastest and easiest way people get ransomware and malware on the Mac.

Also have your files backed up on a non connected external drive. Don't connect that drive to an infected computer. That will protect you from ransomware, but it won't protect you from keyloggers that will capture your passwords and accounts.
 
I've gotten spam/phishing emails that claim to have infected my machine with ransomware in an attempt to shake me down for some Bitcoin or whatever, but I know it's just a scam. That's what happens when your email is out on the internet. I just ignore.
 
  • Like
Reactions: russell_314
I was hit many years ago when I solicited resumes while hiring. I wiped and used my backup so probably lost about a half a day or so of work.
 
No, but even if I was, I have Time Machine backups that are never older than 1 week.
Don't think you are safe because you have (Time Machine) backups.
If you are hit by ransomware encrypting your data and your backup disks or NAS are connected to your computer (or LAN) that data will most certainly be affected as well. Also data in your cloud will likely be affected.
 
Last edited:
Objective-See's Blog: "The LockBit ransomware (kinda) comes for macOS
Analyzing an arm64 mach-O version of LockBit"
https://objective-see.org/blog/blog_0x75.html
"And while this may be the first time a large ransomware group created ransomware capable of running on macOS, it worth nothing that this sample is far from ready for prime time. From it’s lack of a valid code-signing signature to its ignorance of TCC and other macOS file-system protections as it stands it poses no threat to macOS users."

BleepingComputer Update 4/16/23: <In response to questions from BleepingComputer, the public-facing representative of LockBit, known as LockBitSupp, said that the Mac encryptor is "actively being developed.">
 
  • Like
Reactions: gilby101
Objective-See's Blog: "It's Turtles All The Way Down 🐢 Analyzing the newly discovered "Turtle" ransomware"
https://objective-see.org/blog/blog_0x76.html
"Today we dove into a new ransomware sample, internally dubbed “Turtle”. And while in its current state it does not post much of a threat to macOS users, it yet again, shows that ransomware authors continue to set their sites on macOS."
 
"According to SentinelOne, NotLockBit appears to be the first functional ransomware family targeting macOS systems, as previously observed attempts were mere proof-of-concept (PoC) samples."
https://www.securityweek.com/notlockbit-ransomware-can-target-macos-devices/
"SentinelOne - macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools"
https://www.sentinelone.com/blog/ma...-suggest-a-threat-actor-sharpening-its-tools/
"Trend Micro - Fake LockBit Real Damage Ransomware Samples Abuse AWS S3 to Steal Data"
https://www.trendmicro.com/en_us/re...-ransomware-samples-abuse-aws-s3-to-stea.html
 
Having RansomWhere + BlockBlock from objective-see doesn't really hurt. Latter is really useful for informational purposes if installers end up placing launchagents/daemons anywhere. Former is kind of neat in theory, I guess in practice it's mostly a way to know if something is writing out opaque encrypted binary blobs anywhere.
 
  • Like
Reactions: bogdanw
Official pages for
RansomWhere? "By continually monitoring the file-system for the creation of encrypted files by suspicious processes, RansomWhere? aims to protect your personal files, generically stopping ransomware in its tracks"
https://objective-see.org/products/ransomwhere.html
BlockBlock
"Malware installs itself persistently to ensure it's automatically (re)executed.
BlockBlock monitors common persistence locations and alerts whenever a persistent component is added."
https://objective-see.org/products/blockblock.html
 
No, but even if I was, I have Time Machine backups that are never older than 1 week.
This will only help you if you have multiple TM disks used in rotation (and unplugged when not in use).
Anything attached to the Mac, or accessible from the Mac (such as cloud services), would quickly be encrypted by ransomware.
 
This is why Onedrive is so much superior to iCloud.

First, it has file history. Even if you upload multiple ransomware-encrypted versions of your files to Onedrive before you realize it, you can go back until you find an unencrypted version. I believe by default the file versions limit is set to 500.

Second, it will send you an alert email if it detects ransomware-like activity in your account, such as deleting a large number of files and replacing them with encrypted files. I get alerts every time I add a bunch of files to Cryptomator because it behaves in the same way. (It will also alert you if you delete a large number of files without any encryption).

By comparison, iCloud doesn't have any such protections - at least none that I know of. If you override a file even once it's gone.
 
  • Like
Reactions: edubfromktown
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.