LockBit ransomware is now targeting Macs for the first time
Malcolm Owen
The LockBit ransomware group has seemingly started to target macOS, following the discovery of the first malware build intended to infect Macs.
LockBit is a ransomware gang that has existed for a number of years, using malware to attack high-profile institutions such as the UK's Royal Mail and a Canadian hospital. Thought to be based in Russia, the organization has repeatedly used its malware to attack Windows and other platforms, but now it's going after macOS users.
Found by MalwareHunterTeam on Sunday, a build of a LockBit ransomware sample appears to be intended for Apple Silicon Macs. Described as "locker_Apple_M1_64," referencing the first wave of Apple's Mac chips, the build is believed to be the first LockBit ransomware sample in the wild aimed at modern Macs.
It is also thought to be the first time a major ransomware group took interest in creating a payload that attacks Apple hardware.
Unexpectedly, the M1_64 variant isn't the only non-Intel Apple-specific builds to surface. In one archive, ransomware builds are found to be made for PowerPC Macs.
While the existence of ransomware isn't necessarily a massive cause for alarm, especially on the first appearance, the operations of LockBit as a group makes it a more serious situation.
As well as using it for their own needs, the group also provides access to its ransomware to other criminals willing to pay. With the prospect of others potentially using it, it stands to reason that there could be a lot of ransomware attacks against Macs in the near future.
Andrew Orr
William Gallagher
Mike Wuerthele
Christine McKee
