LockBit is a mostly Russian-speaking group that makes money from extortion software. Under the motto „Ransomware as a Service“, the internet criminals rent out their software on a commission basis, and now it seems that Mac users are also in the sights of the LockBit developers.
There is no specific reason for the panic that has already been declared on various internet platforms. While the extortion tools of LockBit have already proven to be a concrete threat under Windows and Linux for some time now, Mac users have nothing to fear for the time being. However, the fact that LockBit confirmed to BleepingComputer that a Mac version of their extortion software is currently being actively developed should make you sit up and take notice.
The trigger for the current discussions was a publication by the security researchers MalwareHunterTeam on Twitter. The tweet points out that they have got their hands on the first variant of LockBit ransomware targeting Macs. In particular, various versions were published that target current Mac models equipped with Apple processors as well as stone-old PowerPC systems.
Security researcher Patrick Wardle spent the weekend looking into this in detail and can currently give the expected all-clear. At least for the time being, the software does not pose any concrete threat to Mac users and it seems doubtful that the LockBit programmers will find a way to compromise standard installations of macOS. Without an official signature, macOS blocks the execution of the malware on the first start attempt.
In general, the effects of the variants of LockBit extortion software already published for other operating systems must not be underestimated. The programs encrypt the contents of storage media and the affected users only get their data back – if at all – if they meet the often horrendous ransom demands of the blackmailers.
Insbesondere wurden verschiedene Versionen veröffentlicht, die sowohl auf aktuelle Mac-Modelle mit Apple-Prozessoren als auch auf steinalte PowerPC-Systeme abzielen.
Der Sicherheitsforscher Patrick Wardle hat sich am Wochenende eingehend damit befasst und kann derzeit die erwartete Entwarnung geben. Zumindest vorerst stellt die Software keine konkrete Bedrohung für Mac-Nutzer dar und es erscheint zweifelhaft, dass die LockBit-Programmierer einen Weg finden werden, Standardinstallationen von macOS zu kompromittieren. Ohne eine offizielle Signatur blockiert macOS die Ausführung der Malware beim ersten Startversuch.
Generell dürfen die Auswirkungen der bereits für andere Betriebssysteme veröffentlichten Varianten der LockBit-Erpressersoftware nicht unterschätzt werden. Die Programme verschlüsseln den Inhalt von Speichermedien und die betroffenen Nutzer erhalten ihre Daten – wenn überhaupt – nur dann zurück, wenn sie die oft horrenden Lösegeldforderungen der Erpresser erfüllen.