Mac users were somewhat protected until now, but hackers are expanding to Mac

Jun 13, 2017 19:52 GMT

Mac users have been somewhat more protected against malware attacks, mostly because it's easier for hackers to fish in the largest pond in the world - the Windows userbase. Now, however, the first ever ransomware-as-a-service targeting Macs has been observed on the dark web.

Cybercriminals will, therefore, be able to target not only Windows users but also Mac users just by shelling out some bucks.

Ransomware-as-a-service (RaaS) schemes offer wannabe criminals a way into extorting people over the Internet, with one condition - giving the author a cut of the profits. Schemes of this type have become quite popular for Windows in the past year, but they've avoided Macs until now.

According to security firm Fortinet, MacRansom is currently being advertised on a TOR web portal. It claims to be the most sophisticated Mac ransomware ever.

How it works

The researchers went on to analyze the ransomware this scheme offers and discovered that it comes with a trigger time set by the author at the request of the criminals who buy the software. This allows the perpetrators to delay the file encryption instead of immediately locking the victim out of their files.

Once the ransomware gets triggered, it starts encrypting files. The weird part is that it can only encrypt 128 files, something that led researchers to believe that this isn't a piece of malware that's as sophisticated as other ransomware that has been disclosed until now.

Don't get this wrong - it will still encrypt your files if you get infected, including com.apple.finder.plist and the original executable, while also changing the Time Date Stamp. This pretty much renders file recovery tools useless.

The ransom set by MacRansom is 0.25 Bitcoin. Depending on the Bitcoin value of the day, it can be quite expensive. At the current price, the ransom would have victims shell out $670 to get their files back. If the ransom is not paid within a week, the attackers threaten to delete the files.