One of the most notorious ransomware gangs seems to have recently started attacking Mac computers for the first time. In a series of tweets detected by 9to5Maca group of security researchers known as the MalwareHunterTeam said on Saturday that they recently found evidence of a Lockbit ransomware build designed to compromise macOS devices. As far as the group is aware, Saturday’s announcement marks the first public notice that Lockbit ransomware could be used against Apple computers, though it appears the gang has offered that capability since last fall.
“box_Apple_M1_64”: 3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79
As far as I can tell, this is the first Apple Mac device targeting the LockBit ransomware sample build seen…
Is this also the first time for the “big name” gangs?
🤔@patrickwardle
DC @cyb3rops pic.twitter.com/SMuN3Rmodl— MalwareHunterTeam (@malwrhunterteam) April 15, 2023
“I think this is the first time that a major ransomware player has targeted Apple’s operating system,” security analyst. Brett Callow said, noting the importance of disclosure. As 9to5Mac notes, the LockBit gang has historically focused on Windows, Linux, and virtual host machines. The reason is that those operating systems are overwhelmingly used by the companies that the group partners target. For those unaware, the Lockbit gang runs what is known as a “ransomware-as-a-service” operation. The group is not directly involved in the business of extracting bailouts from companies. What it does is build and maintain malware that affiliates can pay to use against an organization. According to an indictment unsealed by the US Department of Justice last fall, LockBit is “one of the most active and destructive ransomware variants in the world.” As of late 2022, the software has infected the computer systems of at least 1,000 victims, including a Holiday Inn Hotel in Turkey. Gang associates are believed to have claimed tens of millions of dollars from the victims.
