In the last couple of years, which will be remembered as the years of ransomware, we saw a lot of cases where individuals and companies were hit by this nasty type of malware. But ransomware was mainly targeting their Windows operating systems. This is wrong to think, however, that cybercriminals are only interested in Windows users: Mac users are in danger too.
There is a relatively low number of ransomware samples targeting Mac OS X — partly because of a lesser market share and partly because of OS specifics related to Apple’s development policy. But it doesn’t mean you’re not in danger. One successful infection will be enough for you to lose all the data you value.
According to a recent McAfee report, there are about 450,000 malicious programs aimed at Macs. The report also says that Mac malware grew by 744% last year. Even though most of it was adware, which is an irritation rather than a threat to data, there was also ransomware.
How Mac computers get infected
The infection scheme is usually pretty straightforward and if often replicates what we see in case of the attacks against Windows users. It involves the following:
- Tricking the individual into opening a file they were inclined to trust,
- Installing and running the ransomware program.
Now, the question is, how does it pass the GateKeeper (https://support.apple.com/en-us/HT202491)? In some cases, ransomware is signed by a valid certificate, in another, it is distributed via bittorrent pirate sites in a form of a patcher or some other utility with a malicious purpose. The big problem is that often the “patcher” ransomware does not have any C&C related functionality and comes with the only purpose to encrypt the files without any chance of decryption even if the user pays the ransom.
More than that, we had a case of a Ransomware-as-a-Service for MAC OS X, MacRansom. Authors of this malware even provided a nice FAQ for newbies who wanted to become rich by extorting money from other people:
Ransomware for Macs is on the increase and it’s only going to get worse. For this reason, following the top three tips to protect yourself from ransomware remains as important as ever: be prepared, have a backup and never pay the ransom.
Acronis is here to help
As there is a growing number of ransomware attacks against Mac computers right now, we added Acronis Active Protection to Acronis True Image 2018 for Mac OS X on the level which is capable of dealing with the current threat level and a bit beyond. It monitors and protects all files within the user’s home directory (/Users/username), because this is there all important data is (documents, desktop files, downloads, pictures, movies, music, and public files).
This works exactly the same way as Acronis Active Protection for Windows where files are monitored by using behavioral heuristics analysis. If there is an abnormal activity, the system sends an alert to the screen, where the user can block (blacklist) the process and reverse the changes in few mouse clicks, almost instantly.
While the system is not monitoring backup files, operating system or boot records, this functionality will be added in the future releases. We will continue developing Acronis Active Protection for Macs (currently it supports Mac OS X version 10.10) protecting users from current and future ransomware threats. As for now, don’t forget to back up. Full image backup with multiple backup copies stored in different locations is your ultimate protection against ransomware.
Download and try Acronis True Image 2018 today and keep your system safe.