This Mac Ransomware Is Old But It Can Still Cause You Big Problems

Ransomware attacks aren’t just a threat to the Windows operating system — they’re encrypting files on macOS devices and demanding a ransom payment for a decryption tool.

Cybersecurity researchers at Microsoft Security Threat Intelligence have detailed several ransomware campaigns that target Apple-based networks and computers — and the attack methods closely resemble those used by cybercriminals against Microsoft Windows and other operating systems.

In many cases, the initial compromise occurs after users are tricked into giving cybercriminals access, such as by opening a phishing email, or by downloading and running a fake or trojanized app that installs the ransomware.

Ransomware can also come in the form of a second-stage payload dropped by other malware previously installed on the machine, by the same cybercriminals or by access brokers leasing access to the compromised system, or arrive as part of a software supply chain attack where attackers have managed to compromise software updates.

While most ransomware campaigns target Windows systems, with attackers likely attracted by the large number of organizations that run their infrastructure on Microsoft Windows, Macs are not immune. Ransomware on Macs is not a new phenomenon. However, researchers warn that the evolution of attacks on macOS shows that ransomware is not just a threat to a specific operating system.

“Ransomware continues to be one of the most pervasive and impactful threats affecting organizations, with attackers continually evolving and expanding their techniques to create a broader network of potential targets,” Microsoft said in a blog post.

They added: “Although these malware families are old, they are a prime example of the range of capabilities and potentially malicious behavior on the platform.”

Like other forms of ransomware on other operating systems, ransomware targeting macOS is equipped with features designed to achieve persistence and avoid detection until it’s too late.

These features include delaying malware execution to avoid detection in the early stages of an attack, instructions to run every time the machine boots, and the use of legitimate macOS features to run commands and help spread the attack.
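An added example, not from the article or from Microsoft's research: on macOS, "run every time the machine boots" is normally implemented as a launchd job definition (a property list with `RunAtLoad` or `KeepAlive`), so a defender can audit those files for auto-start jobs whose program sits in an unusual location. The sample jobs, file names and paths are constructed, and the two location heuristics are assumptions chosen for illustration.

```python
import plistlib
from pathlib import Path

LAUNCHD_DIRS = ("~/Library/LaunchAgents", "/Library/LaunchAgents", "/Library/LaunchDaemons")
WRITABLE_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")  # assumed heuristic

def make_job(program, run_at_load, keep_alive=False):
    """Serialize a constructed job definition as it would sit on disk."""
    return plistlib.dumps({"Label": "com.example.job", "ProgramArguments": [program],
                           "RunAtLoad": run_at_load, "KeepAlive": keep_alive})

# Constructed samples; file names and paths are hypothetical.
SAMPLES = {
    "updater.plist": make_job("/Applications/Example.app/Contents/MacOS/updater", True),
    "sync.plist": make_job("/usr/local/bin/sync-tool", False),
    "helper.plist": make_job("/Users/alice/Library/.cache_d/helper", True, True),
    "tmpjob.plist": make_job("/private/tmp/job", True),
    "broken.plist": b"not a plist",
}

def audit_job(raw):
    """Return the reasons a launchd job deserves a closer look."""
    try:
        job = dict(plistlib.loads(raw))  # root must be a dictionary
    except Exception:
        return ["unparseable plist"]
    args = job.get("ProgramArguments") or [job.get("Program", "")]
    program = str(args[0])
    autostart = job.get("RunAtLoad") is True or bool(job.get("KeepAlive"))
    reasons = []
    if any(part.startswith(".") for part in program.split("/")):
        reasons.append("program in hidden path")
    if program.startswith(WRITABLE_PREFIXES):
        reasons.append("program in world-writable location")
    # Auto-start alone is normal; it matters when combined with an odd location.
    return [f"auto-starts, {r}" for r in reasons] if autostart else []

def audit_all(jobs):
    """Map job name -> reasons, keeping only jobs with at least one finding."""
    return {name: r for name, raw in jobs.items() if (r := audit_job(raw))}

def audit_disk():
    """Audit the real launchd directories (empty on a host without them)."""
    found = {}
    for d in LAUNCHD_DIRS:
        for p in Path(d).expanduser().glob("*.plist"):
            found[str(p)] = p.read_bytes()
    return audit_all(found)

if __name__ == "__main__":
    for name, reasons in audit_all(SAMPLES).items():
        print(name, reasons)
```

On a Mac, `audit_disk()` applies the same checks to the per-user and system-wide launchd directories; a finding is a prompt to inspect the job, not proof of compromise.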

But one particular form of Mac ransomware seems to have more intentions than just encrypting files and demanding a ransom payment — analysis shows that it also has many stronger capabilities.

The ransomware, called EvilQuest, first appeared in 2020 and is still targeting Mac systems to this day.

According to Microsoft, newer versions of EvilQuest come with additional capabilities, including keylogging, which sends attackers a record of what infected victims type on their keyboard and can be exploited to secretly steal usernames and passwords.

EvilQuest also has the ability to disable security software, a tactic used to reduce the chances of ransomware being detected before the attack is finally triggered.

Other forms of Mac ransomware detailed by Microsoft include KeRanger, FileCoder, and MacRansom — and all of them use techniques designed to make them difficult for a user or cybersecurity team to detect manually.

Microsoft says it has detailed information about Mac ransomware to help defend against attacks.

“Ransomware continues to be one of the most serious threats affecting any platform. Our analysis of ransomware on the Mac operating system shows how its creators use different techniques to hide themselves from automated analysis systems or make it difficult for analysts to manually check,” the writer said.

“Understanding ransomware habits and their impact on any device or platform is essential for individual users to take steps to protect devices and data.”

Some tips on how to avoid becoming a victim of ransomware include only installing apps from trusted sources, such as the software platform’s official app store, and restricting access to privileged resources if the user doesn’t need them, as that approach will help prevent the spread of ransomware.

It is also recommended that the operating system is kept updated with the latest security patches to ensure devices are protected against cyberattacks that exploit known vulnerabilities.

And regardless of the operating system being used, organizations should help employees understand how to maintain good cybersecurity hygiene.
