Party’s over, Mac users!
The first Mac ransomware application has been found in the wild.
“Ransomware” is a pernicious category of malware which has bedeviled users of Microsoft Windows for years. Ransomware locks users out of their documents, then demands a ransom in exchange for the unlock key. Without this key, there is literally no way to ever access your documents again.
In this case, the criminals are demanding approximately $400 for the unlock key.
This new Mac ransomware was delivered through an infected copy of Transmission, the popular, open-source BitTorrent application. Although Transmission is traditionally used to download illegal software and media, some of MacCentric’s clients do use it for legitimate business purposes.
Apple’s built-in Mac OS X antivirus mechanism did not detect the infected files at first. Apple has since updated its built-in antivirus to detect the threat and warn the user. However, tech-savvy users can easily bypass that warning with a few mouse clicks.
We’ve already completed a fleet scan for MacCentric Solutions clients who use our antivirus and fleet-management service offerings (if you’re not one of them, drop us a line). We are notifying clients whose computers might be affected.
See below for our recommendations on how to protect your company’s devices!
3 Ways To Protect Against Ransomware
Ransomware is a challenging cybersecurity threat because traditional antivirus applications have not always been successful in detecting and defeating it. The challenge is especially acute on the Mac platform because most smaller Mac-centric businesses allow their employees to install any applications they want on company-owned computers.
In response to these challenges, over the years MacCentric Solutions has developed a multi-pronged approach, as part of our managed Startup In a Box service, to protect against the potentially crippling and expensive effects of a ransomware infection.
Our approach aims to defeat ransomware at different stages of its lifecycle:
1. We stop malware before it arrives. We use a suite of different tools — traditional antivirus applications, network-perimeter scanners, web content filtering, data aggregation of web usage trends, and more — to identify suspected attacks and prevent users from downloading or installing malicious payloads.
2. If a bad actor does manage to get their malware installed on your computers, our toolset can prevent them from taking control by blocking the ransomware’s attempts to phone home (“We got one!”) to its control servers, from which the ransom process is initiated.
3. Finally, if ransomware does successfully encrypt a computer, all is not lost if you’re utilizing our offsite backup service to keep safe copies of your data.
Another way to protect your fleet against infection is to revoke administrative access from your users. This can be culturally tricky and also can have technical implications, so ask us before choosing this route!
Apple’s Time Machine Backups Possibly Compromised
Apple’s built-in Time Machine backup may not be sufficient backup protection against this particular threat! The security researchers who discovered this new malware think that it also attempts to encrypt Time Machine backup files to prevent victims from recovering their backed-up data. You need a third-party offsite backup service to fully protect against this threat.
What Should You Do Next?
If your company subscribes to our managed Startup In a Box service, we’ve already scanned your fleet and are notifying clients who might want to take additional preventative action.
If you’re not a subscriber, now’s the time to do something! Start by installing offsite backup software on your entire fleet. Then consider a multi-pronged protection strategy to defeat malware at numerous points in its lifecycle. Or, ask us to do all of this for ya.
Need help determining what to do next? Drop us a line and we’ll give you our recommendations!
Until next time, remember:
There are only two kinds of people: Those who have lost important data, and those who are going to lose important data.