Ransomware: Should You Worry? What Protective Steps Should You Take?
Malware makes headlines regularly these days. Although Macs are targeted far less than Windows PCs, Mac users still need to remain vigilant. A particularly serious type of malware is called "ransomware" because once it infects your computer, it encrypts all your files and holds them for ransom.
Luckily, despite the virulence of ransomware in the Windows world, where there have been major infections of CryptoWall and WannaCry, only a few pieces of ransomware have been directed at Mac users:
The first, called FileCoder, was discovered in 2014. When security researchers looked into its code, they discovered that it was incomplete, and posed no threat at the time.
The first fully functional ransomware for the Mac appeared in 2016, a bit of nastiness called KeRanger. It hid inside an infected version of the open source Transmission BitTorrent client and was properly signed so it could circumvent Apple's Gatekeeper protections. As many as 6500 people may have been infected by KeRanger before Apple revoked the relevant certificate and updated macOS's XProtect anti-malware technology to block it.
In 2017, researchers discovered another piece of ransomware, called Patcher, which purported to help users download pirated copies of Adobe Premiere and Microsoft Office 2016. According to its Bitcoin wallet, no one had paid the ransom, which was good, since it had no way of decrypting the files it had encrypted.
So, don't worry too much. Because it is likely that malware authors will unleash additional Mac ransomware packages in the future, we encourage you to be aware, informed, and prepared.
First, let's explain a few key terms and technologies. Apple's Gatekeeper technology protects your Mac from malware by letting you launch only apps downloaded from the Mac App Store, or those that are signed by developers who have a Developer ID from Apple. Since malware won't come from legitimate developers (and Apple can revoke stolen signatures), Gatekeeper protects you from most malware. However, you can override Gatekeeper's protections to run an unsigned app. Do this only for apps from trusted developers. Even if you never override Gatekeeper, be careful what you download.
Apple's XProtect technology takes a more focused approach, checking every new app against a relatively short list of known malware and preventing apps on that list from launching. Make sure to leave the "Install system data files and security updates" checkbox selected in System Preferences > App Store. That ensures that you'll get XProtect updates. Similarly, install macOS updates and security updates soon after they're released to make sure you're protected against newly discovered vulnerabilities that malware could exploit.
Also consider running anti-malware software like Malwarebytes Premium or Mac Internet Security X9. That's not absolutely necessary, the way anti-malware solutions are for Windows, but doing so can provide peace of mind, particularly if you regularly visit sketchy parts of the Internet or download dodgy software.
Although regular backups with Time Machine are usually helpful, KeRanger tried to encrypt Time Machine backup files to prevent users from recovering their data that way. Similarly, a bootable duplicate updated automatically by SuperDuper or Carbon Copy Cloner could end up replacing good files with encrypted ones from a ransomware-infected Mac, or a future piece of ransomware could try to encrypt other mounted backup disks as well.
The best protection against ransomware is a versioned backup made to a destination that can be accessed only through the backup app, such as an Internet backup service like Backblaze (home and business) or CrashPlan (business only). The beauty of such backups is that you can restore files from before the ransomware encrypted them. Of course, that assumes you've been backing up all along.
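To make the difference between a bootable duplicate and a versioned backup concrete, here is a small simulation added as an example (it is not code from any backup product named above). The class names, the file names, the day numbers and the `CIPHERTEXT` placeholder are all constructed, and the versioned store is assumed to be append-only, matching a destination reachable only through the backup app.

```python
import hashlib

CIPHERTEXT = b"<unreadable>"  # constructed stand-in for an encrypted file

class MirrorBackup:
    """Clone-style backup: each run overwrites the single previous copy."""
    def __init__(self):
        self.files = {}
    def run(self, source, day):
        self.files = dict(source)
    def restore(self, before_day):
        return dict(self.files)  # no history, so the requested day is ignored

class VersionedBackup:
    """Append-only snapshots; file contents are stored once per SHA-256 digest."""
    def __init__(self):
        self.blobs = {}       # digest -> file contents
        self.snapshots = []   # (day, {path: digest}), appended in day order
    def run(self, source, day):
        manifest = {}
        for path, data in source.items():
            digest = hashlib.sha256(data).hexdigest()
            self.blobs.setdefault(digest, data)  # existing versions are never overwritten
            manifest[path] = digest
        self.snapshots.append((day, manifest))
    def restore(self, before_day):
        older = [manifest for day, manifest in self.snapshots if day < before_day]
        if not older:
            raise LookupError("no snapshot predates the infection")
        return {path: self.blobs[d] for path, d in older[-1].items()}

def simulate():
    """Constructed timeline: backups on days 1, 2 and 4; infection on day 3."""
    disk = {"taxes.xlsx": b"draft", "photo.jpg": b"holiday"}
    mirror, versioned = MirrorBackup(), VersionedBackup()
    for backup in (mirror, versioned):
        backup.run(disk, day=1)
    disk["taxes.xlsx"] = b"final"               # legitimate edit
    for backup in (mirror, versioned):
        backup.run(disk, day=2)
    clean = dict(disk)
    disk = {path: CIPHERTEXT for path in disk}  # day 3: every file becomes unreadable
    for backup in (mirror, versioned):
        backup.run(disk, day=4)                 # scheduled run after the infection
    return clean, mirror.restore(before_day=3), versioned.restore(before_day=3)

if __name__ == "__main__":
    clean, from_mirror, from_versioned = simulate()
    print("mirror recovered clean files:   ", from_mirror == clean)
    print("versioned recovered clean files:", from_versioned == clean)
```

The mirror faithfully copies the unreadable files on day 4, while the versioned store still holds the day 2 snapshot and restores from it.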
If you ever are infected with ransomware, don't panic, and don't pay the ransom right away. Contact us so we can help you work through your options, which might involve restoring from a backup or bringing files back from older cloud storage versions. There are even decryptors for some Windows ransomware packages, and such utilities might appear for hypothetical Mac ransomware as well.
Feel overwhelmed by all these things to keep up with on your Mac? Contact us to set up a time to review your needs. And, to repeat, there's no reason to worry too much about ransomware on the Mac, but letting Apple's XProtect keep itself up to date, staying current with macOS updates, and using an Internet backup service will likely protect you from what may come.














