A new ransomware has appeared on macOS. Should we be worried?


Corentin Béchade

December 5, 2023 at 7:42 a.m.


The arrival of ransomware on macOS should raise awareness © robert coolen / Shutterstock

It’s never very pleasant to learn that your IT platform of choice is being targeted by malicious hackers. The discovery of ransomware on macOS is therefore no small matter.

For many years, Apple’s operating systems were largely spared from viruses, ransomware and other malware. Due to their relatively small market share, these machines were of little interest to hackers. For some time now, however, the rise of macOS has been accompanied by new security risks. A new ransomware targeting the operating system proves it.

Limited risks

Aptly named “TurtleRansom” (or RançonTortue in French), this piece of malicious code aims to encrypt the data on a machine and send a message to the user, asking them to pay a ransom to regain access to their files. In short, a proper ransomware. Fortunately, the risk of ending up with a bricked machine is quite limited at the moment. As security researcher Patrick Wardle (who identified and dissected RansomTurtle) explains, Apple has put several safeguards in place to prevent infection.

The first is Gatekeeper, a system process designed to ensure that only “trusted” software (that is, software accompanied by an identification certificate and validated by Apple) can run on a machine. To be infected, a user would have to consciously bypass this protection and allow the executable to carry out its mischief.

Then there’s the fact that macOS system files are read-only, so no software is allowed to modify them. Making a machine completely inoperable with software downloaded from the web is therefore technically complex. Many folders containing the user’s files are also protected unless the owner of the machine gives explicit consent.

A warning for the future

From a purely technical point of view, RansomTurtle therefore does not pose any immediate security concerns. Its design is somewhat shoddy and, unless you are particularly careless, it should not be possible to become infected. Patrick Wardle nevertheless explains that the existence of such ransomware should “make you think” and raise awareness of the risks that this type of threat can represent on macOS.

Indeed, before arriving on Apple machines, RansomTurtle had already started its existence on Windows and Linux, but the fact that there is now a version specially designed for macOS, and more precisely for Apple Silicon chips, clearly shows that hacker interest in the Mac continues to grow.

According to a report from the firm Accenture published in the summer of 2023, the number of malicious hackers creating malware for macOS was 384 in 2021. By 2022, there were suddenly 2,143 and there are around 2,300 today. The price of popularity.

Source: Objective-See, Accenture


