LockBit ransomware encryptors found targeting Mac devices

LockBit ransomware encryptors found targeting Mac devices

Researchers at MalwareHunterTeam uncovered a ZIP archive on VirusTotal that was found to contain encryptors for devices running macOS. 

What is LockBit ransomware?

LockBit is the name of a ransomware targeting Mac Operating Systems (OSes). It is associated with the LockBit ransomware gang – the developers of LockBit, LockBit 2.0, LockBit 3.0, and various other variants. The aforementioned malware target Windows, Linux, and VMware ESXi servers.

The VirusTotal archive examined by researchers was also found to contain encryptors for CPUs used on older Mac devices. 

It also contains some targeting PowerPC CPUs commonly used in older Macs.

Previously, the LockBit campaign used encryptors designed for Windows, Linux, and VMware ESXi servers.

A small snippet of the Windows files the Apple M1 encryptor will not encrypt is listed below, all out of place on a macOS device.

.exe
.bat
.dll
msstyles
gadget
winmd
ntldr
ntuser.dat.log
bootsect.bak
autorun.inf
thumbs.db
iconcache.db

MacOS cybersecurity expert Patrick Wardle further confirmed this theory, stating that the encryptor is far from complete as it is missing the required functionality to encrypt Macs properly. Wardle believes the macOS encryptor is based on the Linux version and compiled for macOS with some basic configuration settings, and that when launched, it crashes due to a buffer overflow bug in its code.

LockBitSupp told Bleeping Computer on Sunday that the group’s Mac encryptor is “actively being developed.”

Whether its macOS tests are anything more than a half-baked experiment or an empty PR move remains unclear.

 “In some sense, Apple is ahead of the threat, as recent versions of macOS ship with a myriad of built-in security mechanisms aimed to directly thwart, or at least reduce the impact of, ransomware attacks,” Wardle says. 

Follow Us on: Twitter, InstagramFacebook to get the latest security news!

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!