Technology January 11, 2016 Last updated January 9th, 2016 1,701 Reads share

Are You Ready for Mac Ransomware?

Image Credit:

Extortion based on the use of file-encrypting ransomware has become a widespread encounter on Windows over the course of the past few years, and it never was beyond the realms of possibility that these campaigns would enter the expansive Mac OS environment.

Apple devices have not been subject to ransomware plagues to an appreciable extent thus far. Developing viruses of this kind, however, does not pose much of a challenge to white and black hat researchers.

Mac Ransomware Proofs of Concept

Rafael Salema Marques, a cyber researcher from Brazil, has come up with a

Nasty Browser Lockers

In the meanwhile, users are reporting attacks by Mac ransomware on Apple community forums once in awhile. These encounters mostly feature more primitive strains of malware that are actually browser lockers rather than crypto viruses.

Such breeds of harmful code hijack Safari. They pop up a misleading browser message allegedly issued by the FBI or other law enforcement authorities. In the course of the attack, users are wrongfully accused of violating privacy and copyright laws and/or distributing pornographic or otherwise offensive and abusing content. The message is technically nothing but a malicious web page that users stumble upon when searching for trending information like images of celebrities, as in the case described by Jerome Segura from Malwarebytes.

In this predicament, no malware actually compromises Apple devices, so it’s a substitution of concepts for the most part. The hack is backed by an intrusive web script and Safari’s otherwise useful Restore from Crash feature. When the user force-quits the browser to get rid of the phony FBI page, alert keeps coming back as part of the previous session. Despite the obvious primitiveness of this attack, non-tech-savvy victims may end up believing they are facing real prosecution by the FBI.

Browser Lockers Removal Tips

To get rid of these Safari lockers, the user can go the tough path and hit the pop-up 150 times to make it go away. The easier and certainly more judicious way of troubleshooting is to reset Safari to its defaults, which is essentially a two-click transaction.

Aside from the cases where criminals demand ransom by exploiting web browser vulnerabilities, viruses that would actually encrypt files on Macs is in the realm of pure theory at this point, with the above-mentioned proof of concept projects being a wakeup call for the industry.

There are two main reasons why OS X has not yet been impacted by encryption viruses:

  1. According to an expert opinion expressed in Jeremy Kirk’s post, ransomware authors haven’t yet stepped into the OS X arena because they are perfectly comfortable with the immense profit from compromising Windows computers.
  2. Another reason stems from Apple’s meticulous developer guidelines. The technology known as Gatekeeper is in place to be able to block any installation that has no Developer ID issued by Apple.

Any developer can buy a one-year membership in the Apple Developer Program for just 99 USD. Although Apple can promptly withdraw the dev ID and apps from the store if things go wrong, even a brief time span of Developer ID validity can suffice to infect Mac machines on a large scale.

Patrick Wardle, the Director of Research at Synack, has admitted the Developer ID is not likely to be withdrawn immediately. Apple’s security concepts are very good, however, their success may depend on timely response to malware cases.


Windows has been facing severe virus attacks for 15 years, and the solutions for combatting Windows malware have significantly evolved over this time. Security experts emphasize that Windows antivirus products include heuristic detection algorithms. This technology can identify malware by its behavior. Mac security algorithms are not that advanced. “Luckily, most of the Mac malware is unsophisticated” – Patrick Wardle remarks.

As the Mac user base is steadily growing, the platform is getting more heavily targeted by cybercrime actors. An efficient response to the imminent increase of Mac malware complexity is hence making its way to the top priorities list on security industry’s agenda.

Images: “Ransomware dollar key on a keyboard/


Tweak Your Biz is a thought leader global publication and online business community. Today, it is part of the Small Biz Trends stable of websites and receives over 300,000 unique views per month. Would you like to write for us?

An outstanding title can increase tweets, Facebook Likes, and visitor traffic by 50% or more. Generate great titles for your articles and blog posts with the Tweak Your Biz Title Generator.

David Balaban

David Balaban

Read Full Bio