How to protect your business from Mac ransomware
Windows users are often the victims of ransomware attacks. For example, in 2017, WannaCry and Petya ransomware infected hundreds of thousands of Windows PCs around the world. Unfortunately, ransomware strains that specifically target Macs are expected to grow in number as well. If you have a Mac, follow the security best practices below to avoid getting infected.
What is ransomware?
Ransomware is a type of malicious software that holds computer systems hostage via encryption until a ransom is paid. Attackers typically threaten to release the encrypted information to the public or destroy sensitive data if victims don’t pay within a certain deadline. Healthcare and finance organizations, in particular, are more likely to pay the ransom because these organizations tend to be worth a lot of money and have many valuable assets, and can’t afford to lose access to their critical data.
As its name suggests, Mac ransomware is simply ransomware that targets Mac desktops and laptops. And just like other types of ransomware, it is typically distributed via phishing emails.
Types of Mac ransomware
In 2016, the KeRanger ransomware was distributed through the popular BitTorrent app Transmission. KeRanger was signed with an authorized security certificate, allowing it to evade macOS’s built-in security measures and infect more than 7,000 Mac computers.
Meanwhile, the Mac ransomware strain Patcher was discovered in 2017. It disguised itself as a patching app for programs like Microsoft Office. When launched, Patcher would encrypt files in user directories and ask for a Bitcoin ransom. But the ransomware was poorly built, so there was no way to retrieve the decryption key once the ransom was paid.
In 2019, the EvilQuest ransomware encrypted files and forced victims into paying a Bitcoin ransom. Much like Patcher, however, there was no decryption key, leaving those who paid the ransom with nothing.
Ransomware attacks like these can make a resurgence at any time, which is why you need to be prepared in case of an attack.
An ounce of prevention goes a long way
Preventive measures are the best way to keep your Macs safe from ransomware. This involves installing only programs from the official App Store and the latest software patches to defend against the latest threats.
Since phishing emails are the usual delivery method of ransomware, be wary of suspicious links and email attachments. Always be on alert even if the email appears to come from a legitimate company or someone you know.
You must also maintain offline backups and have a disaster recovery plan to keep your business running in the event that ransomware successfully infiltrates your systems.
Responding to ransomware
If your Mac is infected with ransomware, do not pay the ransom fee, as there’s no guarantee that hackers will provide a decryption key and release your data. Instead, use an up-to-date anti-malware program to remove ransomware from your computer. There are also free ransomware decryption tools online that you can use to remove the infection.
If these tools don’t work, contain the spread of the ransomware by disconnecting from the network. Afterwards, run data recovery procedures and immediately seek the help of our cybersecurity experts. We stay abreast of the latest Mac security threats and know just how to keep your business safe.