LockBit ransomware can now target macOS. A great first one that can wreak havoc.
One of the most notorious ransomware groups seems to have started attacking Mac computers. Great first! In a series of tweets spotted by 9to5Mac, a group of security researchers called the MalwareHunterTeam said over the weekend that they had found numerous evidence of a ransomware version of LockBit, conceived and designed to compromise macOS devices.
LockBit ransomware can now attack macOS
As far as the group in question is concerned, this will be the very first public appearance of LockBit ransomware that can be used against Apple-branded computers. That being said, judging by this tweet, it seems like it has been possible since last fall.
“I think this is the first time that a major ransomware player has targeted an Apple operating system,” said security analyst Brett Callow, highlighting the significance of the announcement. As 9to5Mac explains, the LockBit team has historically focused on Windows, Linux, and virtual host machines. The main reason is that these operating systems are mainly used by companies targeted by the group’s partners.
Great first one that can wreak havoc
For those who don’t know, the LockBit team works through what’s called ransomware as a service. The Group has never been directly involved in buyout transactions. It simply develops and maintains malware that people and other groups can buy to attack businesses. According to a US Department of Justice prosecution released last fall, LockBit is “one of the most active and destructive ransomware variants in the world.”By the end of 2022, the software had infected the systems of over 1,000 victims. This would allow the group’s partners to steal tens of millions of dollars.
“locker_Apple_M1_64”: 3e4bbd2175 6ae30c24ff7d6 942656be02 4139f8180 b7bddd4e5 c62a9dfbd8c79
As far as I can tell, this is the first Apple Mac device to target the LockBit ransomware sample build…
Is this also the first for the loud gangs?
🤔 @patrickwardle
cc @cyb3rops pic.twitter.com/SMuN3Rmodl
— MalwareHunterTeam (@malwrhunterteam) April 15, 2023