Emerging Threats

OS X is not immune to crypto ransomware as researchers uncover proof-of-concept


Authored by a Symantec employee


A proof-of-concept (PoC) discovery means that this is not an actual outbreak, but that it has been created in a lab by researchers simply to prove whether it is possible. The researchers who perform these tasks are considered white hat hackers. White hat hackers are often paid employees or researchers working for companies as security specialists who attempt to find security vulnerabilities. The point of this type of research is to try to get one step ahead of the bad guys and to produce early detection and software patches for possible future outbreaks.

Brazilian cybersecurity researcher Rafael Salema Marques developed the proof-of-concept ransomware dubbed Mabouia (detected by Symantec as OSX.Ransomcrypt). Marques developed the PoC malware to highlight the fact that Macs are not immune to the threat of ransomware.

Symantec researchers have confirmed that this proof-of-concept (PoC) threat works as described and could be used to create functional OS X crypto ransomware if it fell into the wrong hands. Marques said he has no intention of publicly releasing the malware.

This is very important, as Mabouia is the first case of file-based crypto ransomware for OS X, even though it is just a proof-of-concept. File-based crypto ransomware is when the actual files on the device become encrypted and locked, which is different from the 2013 discovery by researchers at Malwarebytes, where browser-based ransomware targeted Safari for Mac users through a malicious website and locked only the browser.

How to Stay Protected:

Norton Security detects this threat as OSX.Ransomcrypt. While Norton products do detect this threat, there are a few other best practices to make sure your data stays protected and retrievable.

  • If you do contract the ransomware, never pay the ransom! While the cybercriminals say you’ll get your files back if you pay the ransom, that is not a guarantee: you are dealing with criminals, and more than anything, you are just helping to fund their efforts.
  • Regular backups are a key defense against ransomware. If you happen to become infected with ransomware, as long as you have a recent backup of your files, you can restore your computer to its normal state. One key thing to remember is to unplug your backup device once the backup is complete, as ransomware can spread to anything connected to your computer.
  • Regularly update your software, both the operating system and the programs installed on your computer, as outdated software can leave open security holes that allow malware in.
  • Be skeptical about spam. If you receive a message asking for account credentials, asking you to download software, or asking you to click on strange links, beware. Instead, try typing the official URL of the site in question rather than clicking on the link in the email. You can brush up on the telltale signs of phishing here.
  • Be sure to use a comprehensive Internet security software suite, such as Norton Security, to stop detectable threats in their tracks.
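The backup advice above is the one item in the list that can be turned into a concrete routine. The script below is an added example, not code from the Norton post or from Symantec: it copies a folder into a new dated snapshot directory on a backup volume, writes a SHA-256 manifest of every copied file, and verifies the copy against that manifest before the drive is disconnected. A fresh snapshot per run means an older, clean copy survives even if a later run happens after an infection, and the manifest lets you confirm that a restore candidate has not been altered. The `BACKUP_SRC` and `BACKUP_DEST` paths are hypothetical placeholders.

```sh
#!/bin/sh
# Added example (not from the original post): dated, verifiable folder backup.
# Assumptions: BACKUP_SRC is the folder to protect and BACKUP_DEST is the
# mounted backup volume; both are hypothetical placeholders supplied by the user.

# Print the SHA-256 of one file; macOS ships shasum, most Linux systems sha256sum.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# make_backup SRC DEST: copy SRC into DEST/snapshot-<timestamp>, write a
# manifest of file hashes, and print the snapshot path.
make_backup() {
  src=$1
  dest=$2
  stamp=$(date +%Y%m%d-%H%M%S)
  snap="$dest/snapshot-$stamp"
  mkdir -p "$snap"
  # A new directory per run keeps earlier snapshots intact instead of
  # overwriting the only copy with possibly already-encrypted files.
  (cd "$src" && tar -cf - .) | (cd "$snap" && tar -xf -)
  # Record a hash for every copied file (the manifest itself is excluded).
  (cd "$snap" && find . -type f ! -name MANIFEST.sha256 | sort | while read -r f; do
    printf '%s  %s\n' "$(sha256_of "$f")" "$f"
  done) > "$snap/MANIFEST.sha256"
  printf '%s\n' "$snap"
}

# verify_backup SNAP: return 0 only if every file matches its recorded hash.
verify_backup() {
  snap=$1
  status=0
  while read -r want f; do
    have=$(cd "$snap" && sha256_of "$f")
    if [ "$want" != "$have" ]; then
      printf 'MISMATCH %s\n' "$f" >&2
      status=1
    fi
  done < "$snap/MANIFEST.sha256"
  return $status
}

# Usage (hypothetical paths):
#   BACKUP_SRC="$HOME/Documents" BACKUP_DEST=/Volumes/Backup sh backup.sh
if [ -n "${BACKUP_SRC:-}" ] && [ -n "${BACKUP_DEST:-}" ]; then
  snap=$(make_backup "$BACKUP_SRC" "$BACKUP_DEST")
  verify_backup "$snap" && echo "verified: $snap"
fi
```

Once `verify_backup` reports success, unmount the volume (on OS X, `diskutil unmount` on the backup volume's path) and physically disconnect it, which is the "unplug your backup device" step from the list; a drive that stays mounted is just another location the ransomware can encrypt.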


Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

© 2018 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.