Ransomware has been a menace to the web over the past several months. Hospitals are being victimised and sent back to the non-digital age, their devices and files held for ransom to be paid in Bitcoin, while schools suffer through the same ordeal.
Locky, a certain type of ransomware, spread profusely – infecting millions within a week’s time. Another form – Jigsaw – surfaced in mid-April, using snippets of the Saw film series to shock victims.
These are only a small fraction of more than 50 other categories of ransomware, with Cryptowall being one of the most devastating to date by stealing funds from organizations and individuals. The government has been on high alert, with congressmen calling for action and the FBI issuing statements regarding ransomware.
Apple computer owners, on the other hand, have a smaller chance of being attacked by ransomware compared to Windows computer owners. There has only been one kind of ransomware that was functional enough to infect up to 7,000 computers – the KeRanger bug. While there have been several types of ransomware aimed at Macintosh computers, two of them were developed as research projects and not as cybercriminal bugs.
One hacker believes he has produced a program to prevent current types of ransomware from infecting Mac OS X. He also states that as long as cybercriminals are unable to hack his program, future kinds of ransomware would be destroyed before they even attempt to hack into Apple computers.
Patrick Wardle, an ex-NSA employee who now leads research at Synack, created “RansomWhere?” after studying ransomware samples that were aimed at Apple devices. He concluded that the antivirus wasn’t effective against this malicious form of malware.
He came up with code that would look for untrusted processes that rapidly create encrypted files, something ransomware usually does. Wardle added, “the ransomware will likely encrypt a few files (ideally only two or three), before being detected and blocked.”
Wardle does admit that his program is far from perfect and could be evaded by hackers who can detect it and remove its capabilities. Files that are not stored in the user’s home directory are not protected by the RansomWhere? tool.
Theoretically, ransomware could move the files outside the directory and then lock them up. The RansomWhere? tool would then not be able to help since it trusts all Apple-signed files and apps already installed on the machine. Wardle added, “I’m hoping all the ransomware authors are high and overlook this.”
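The heuristic described above, sketched as an added example (this is not Wardle's code and not part of the original article): flag an untrusted process once it has rapidly written a few encrypted-looking files inside the home directory. Using byte entropy as the test for "encrypted", the 7.5-bit cutoff, the 5-second window, the pid-based trust set and every sample event are assumptions constructed for illustration.

```python
import hashlib
import math
import posixpath
from collections import Counter, defaultdict, deque

HOME = "/Users/alice"   # constructed home directory (the only protected scope)
ENTROPY_BITS = 7.5      # assumed cutoff in bits per byte for "looks encrypted"
MAX_FILES = 3           # the article's "ideally only two or three" files
WINDOW_SECS = 5.0       # assumed meaning of "rapidly"

def shannon_entropy(data: bytes) -> float:
    # Bits per byte: ciphertext approaches 8.0, English text sits near 4-5.
    n = len(data) or 1
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

class Monitor:
    def __init__(self, trusted_pids):
        self.trusted = set(trusted_pids)   # stands in for Apple-signed/pre-installed
        self.recent = defaultdict(deque)   # pid -> times of high-entropy writes
        self.blocked = set()

    def on_write(self, ts, pid, path, data):
        # Returns True when this write causes pid to be flagged.
        if pid in self.trusted or pid in self.blocked:
            return False
        if posixpath.commonpath([HOME, posixpath.normpath(path)]) != HOME:
            return False                   # outside the home directory: not watched
        if shannon_entropy(data) < ENTROPY_BITS:
            return False
        q = self.recent[pid]
        q.append(ts)
        while ts - q[0] > WINDOW_SECS:     # drop writes older than the window
            q.popleft()
        if len(q) >= MAX_FILES:
            self.blocked.add(pid)
            return True
        return False

def demo():
    """Replay constructed (timestamp, pid, path, data) events; return flagged pids."""
    cipher = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    text = b"quarterly report draft, plain ASCII text\n" * 100
    events = [(0.0, 501, HOME + "/notes.txt", text)]                           # low entropy
    events += [(0.1 * i, 88, f"{HOME}/bak{i}.enc", cipher) for i in range(3)]  # trusted pid
    events += [(1.0, 777, HOME + "/1.locked", cipher),
               (1.2, 777, HOME + "/2.locked", cipher),
               (1.4, 777, "/tmp/3.locked", cipher),                            # outside HOME
               (1.6, 777, HOME + "/4.locked", cipher)]
    mon = Monitor(trusted_pids={88})
    return [p for ts, p, path, d in events if mon.on_write(ts, p, path, d)]
```

Only pid 777 is flagged, and only on its third high-entropy write inside the home directory; the trusted process and the write under `/tmp` never count, which mirrors the two limitations the article lists.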
In mid-April, a veteran professional Mac-hacker said he was able to bypass RansomWhere? in a matter of minutes by just tweaking the code for his malware. He only needed 10 lines of code to be able to move the target files from inside the home directory and lock them up. He even posted a video on YouTube showing the process of his hacking.