MacRansom: First Ever Ransomware-as-a-Service Attack Strikes macOS

The first instance of ransomware-as-a-service has been discovered on the Dark Web

Many macOS users thought they were safe from the fury of the ransomware attacks — after all, Apple enjoys a great reputation for security — but security researchers have found traces of ransomware provided through a ransomware-as-a-service (RAAS) portal.

As far as Windows systems are concerned, these ransomware-as-a-service attacks (RAAS) have been around for quite a while now. This is purely down to the fact that Windows is the most widely adopted OS globally. Granted, macOS offers a more secure platform compared to Windows OS, but contrary to popular belief, that doesn’t mean that the Apple systems are safe from threats. No system in the world is 100% secure and macOS is no different.

However, this is believed to be the first case of macOS being targeted via service portals on the Dark Web. The ransomware-as-a-service portal allows wannabe cyber criminals with limited or zero coding skills to attack systems and earn a quick buck. From far, it appears to be a highly lucrative option. Therefore, it wouldn’t even be surprising to see high school kids having a go at it. All these budding miscreants have to do is contact the author on the Dark Web, retrieve the malicious code and spread it via spam emails.

Once the files are encrypted, com.apple.finder.plist and the original executable are encrypted by MacRansom. Recovery tools prove to be useless as it alters the Time Date Stamp.

The victim is given 7 days to pay the ransom. They must pay 0.25 bitcoins (around $700) in one week or else the encrypted files will be destroyed. To get the files decrypted, MacRansom requires the victim to contact on an email ID. On receiving payment from the victim, the perpetrator must pay 70% of the money to the author and he/she gets to keep 30% as the profit.

Initially, this was considered to be a big, loudmouthed scam by the research team of security firm Fortinet. The “customers” had to contact the developer instead of downloading the malicious files directly. To get it uncovered, the Fortinet research team tried contacting the author by pretending to be a middle-man and astonishingly, they got a reply from the developer. They found the MacRansom on the web portal of TOR. It proclaims itself as the ‘the most sophisticated Mac ransomware ever.

[Click to Continue Reading]