LockBit Ransomware is now targeting Apple macOS devices

The year 2022 marked a significant increase in the number of ransomware attacks globally. Since then, there has been no respite for individuals and organizations who have continued to fall prey to ransomware groups throughout 2023. With the increase in ransomware attacks, cybercriminals have continued to develop sophisticated and advanced techniques to execute their attacks.

One of the known and more prolific ransomware groups is LockBit. On April 5, 2023, alarming news emerged when it was discovered that LockBit had developed a macOS-based payload. This development represents the first time a big-game ransomware crew has targeted macOS devices with their malware. Here’s what we know so far:

Development of macOS Payload by LockBit

According to reports from cybersecurity researchers, additional samples identified by Vx-underground show that the macOS variant of LockBit ransomware has been around since November 11, 2022. The LockBit ransomware has been known for its attacks targeted at Windows devices since late 2019. The new development of a macOS-based payload expands the attack surface of the ransomware group, which now has the capability to target both Windows and macOS devices.

LockBit’s Emergence as a Major Threat in Ransomware Attacks

According to statistics released last week by Malwarebytes, LockBit emerged as the second most used ransomware in March 2023 after Cl0p. The increase in the use of LockBit indicates the growing influence and capabilities of the ransomware group.

Analysis of the LockBit macOS Payload

An analysis of the new macOS version reveals that it is still a work in progress, relying on an invalid signature to sign the executable. The payload packs in files like “autorun.inf” and “ntuser.dat.log”, suggesting that the ransomware sample was originally designed to target Windows.

Impact on Apple Silicon

While the macOS variant of LockBit has been designed to run on Apple Silicon, its impact is limited. Apple’s implementation of the ARM64 instruction set and the use of the M1 processor have posed a significant barrier for cybercriminals to run their malicious payloads on Apple devices. According to Patrick Wardle, a cybersecurity expert, “Yes, it can indeed run on Apple Silicon, but that is basically the extent of its impact.”

Apple’s Safeguards Against LockBit

Apple has implemented additional safeguards to protect macOS users from ransomware attacks. These include System Integrity Protection (SIP) and Transparency, Consent, and Control (TCC). System Integrity Protection aims to prevent malware from modifying critical system files, while Transparency, Consent, and Control seeks to provide the user with more control over the data that applications on their devices can access.

Active development of LockBit’s macOS encryptor

A LockBit representative has confirmed to Bleeping Computer that the macOS encryptor is “actively being developed”. This confirmation raises concerns that LockBit might pose a significant threat to Apple’s operating system. As the LockBit ransomware group continues to develop advanced techniques to carry out their attacks, it’s crucial for users to keep their devices updated, implement strong security measures, and stay vigilant for any signs of a ransomware attack.

The emergence of LockBit’s macOS payload highlights the need for organizations and individuals to remain proactive in protecting their devices from ransomware. With Apple’s implementation of additional safeguards, it is harder for cybercriminals to execute attacks on macOS devices. However, as LockBit continues to develop its macOS payload, it is vital to remain vigilant, implement strong security measures, and educate oneself on ransomware threats. By staying informed and taking necessary precautions, users can minimize the threat posed by LockBit and other ransomware groups.

Explore more

Compliance Drives Regulated B2B Influencer Marketing in 2026

The shifting landscape of digital authority has fundamentally transformed how enterprise-level organizations engage with industry experts and thought leaders across global markets. As the professional world moves deeper into this period of technological saturation, the superficial tactics of the past have been replaced by a rigorous commitment to transparency and legal precision. In earlier years, the simple inclusion of a

Transforming Voice of the Customer Into Predictive Action

Corporate boardrooms often overflow with real-time dashboards and complex analytics, yet many organizations still find themselves blindsided by sudden shifts in customer loyalty and market demand. While the technology to capture feedback has become ubiquitous, the structural ability to interpret and act upon that data in a meaningful timeframe remains remarkably rare for the average enterprise. Most traditional systems are

How Will Databricks CustomerLake Redefine Agentic Marketing?

The ongoing evolution of the digital landscape has forced a radical reconsideration of how enterprises capture, process, and ultimately utilize the vast oceans of consumer data generated every second of the day. Modern marketing departments have long struggled with the paradox of having too much information but not enough actionable insight to drive meaningful consumer interactions in real time. The

How Can Small Banks Compete With Global Financial Giants?

Nikolai Braiden has seen the evolution of financial architecture from its early blockchain roots to the current wave of institutional modernization, and today he joins us to dissect a pivotal shift in venture capital. With BankTech Ventures recently deploying $15 million into AI and stablecoin solutions, the landscape for regional banking is undergoing a profound transformation. Braiden’s perspective as an

Bullski Presale Tops the List of Best Meme Coins for 2026

The current cryptocurrency market in 2026 has transitioned into a highly sophisticated arena where institutional standards and community-driven viral momentum converge to create unique financial opportunities. Investors are no longer satisfied with speculative assets lacking fundamental safeguards, leading to a significant shift toward projects that prioritize technical transparency and structured growth. In this evolving landscape, the Bullski presale has emerged