LockBit Ransomware is now targeting Apple macOS devices

The year 2022 marked a significant increase in the number of ransomware attacks globally. Since then, there has been no respite for individuals and organizations who have continued to fall prey to ransomware groups throughout 2023. With the increase in ransomware attacks, cybercriminals have continued to develop sophisticated and advanced techniques to execute their attacks.

One of the known and more prolific ransomware groups is LockBit. On April 5, 2023, alarming news emerged when it was discovered that LockBit had developed a macOS-based payload. This development represents the first time a big-game ransomware crew has targeted macOS devices with their malware. Here’s what we know so far:

Development of macOS Payload by LockBit

According to reports from cybersecurity researchers, additional samples identified by Vx-underground show that the macOS variant of LockBit ransomware has been around since November 11, 2022. The LockBit ransomware has been known for its attacks targeted at Windows devices since late 2019. The new development of a macOS-based payload expands the attack surface of the ransomware group, which now has the capability to target both Windows and macOS devices.

LockBit’s Emergence as a Major Threat in Ransomware Attacks

According to statistics released last week by Malwarebytes, LockBit emerged as the second most used ransomware in March 2023 after Cl0p. The increase in the use of LockBit indicates the growing influence and capabilities of the ransomware group.

Analysis of the LockBit macOS Payload

An analysis of the new macOS version reveals that it is still a work in progress, relying on an invalid signature to sign the executable. The payload packs in files like “autorun.inf” and “ntuser.dat.log”, suggesting that the ransomware sample was originally designed to target Windows.

Impact on Apple Silicon

While the macOS variant of LockBit has been designed to run on Apple Silicon, its impact is limited. Apple’s implementation of the ARM64 instruction set and the use of the M1 processor have posed a significant barrier for cybercriminals to run their malicious payloads on Apple devices. According to Patrick Wardle, a cybersecurity expert, “Yes, it can indeed run on Apple Silicon, but that is basically the extent of its impact.”

Apple’s Safeguards Against LockBit

Apple has implemented additional safeguards to protect macOS users from ransomware attacks. These include System Integrity Protection (SIP) and Transparency, Consent, and Control (TCC). System Integrity Protection aims to prevent malware from modifying critical system files, while Transparency, Consent, and Control seeks to provide the user with more control over the data that applications on their devices can access.

Active development of LockBit’s macOS encryptor

A LockBit representative has confirmed to Bleeping Computer that the macOS encryptor is “actively being developed”. This confirmation raises concerns that LockBit might pose a significant threat to Apple’s operating system. As the LockBit ransomware group continues to develop advanced techniques to carry out their attacks, it’s crucial for users to keep their devices updated, implement strong security measures, and stay vigilant for any signs of a ransomware attack.

The emergence of LockBit’s macOS payload highlights the need for organizations and individuals to remain proactive in protecting their devices from ransomware. With Apple’s implementation of additional safeguards, it is harder for cybercriminals to execute attacks on macOS devices. However, as LockBit continues to develop its macOS payload, it is vital to remain vigilant, implement strong security measures, and educate oneself on ransomware threats. By staying informed and taking necessary precautions, users can minimize the threat posed by LockBit and other ransomware groups.

Explore more

Ethereum Uses AI Swarms to Proactively Patch Network Flaws

The architectural integrity of global decentralized networks has reached a pivotal juncture where the speed of malicious exploitation often outpaces the traditional cadence of human-led security audits. To address this widening gap, The Ethereum Foundation has fundamentally transitioned its security strategy from a reactive model to an automated, proactive defense paradigm that leverages the power of machine learning. This shift

How Is ERP Modernization Driving DLA to Audit Readiness?

The Defense Logistics Agency currently manages an intricate global supply chain that serves as the backbone for the United States military, requiring an unprecedented level of financial precision and operational transparency to meet modern oversight requirements. This massive undertaking involves a transition from aging, siloed legacy systems to a unified Enterprise Resource Planning environment designed to provide real-time visibility into

What Makes Odyssey Infostealer a Global Threat to macOS?

The long-standing myth that macOS remains immune to sophisticated cyberattacks has been decisively shattered by the emergence of the Odyssey infostealer, a highly specialized malware variant engineered to bypass modern system integrity protections. This transition represents a fundamental shift in the threat landscape, where the historical security-by-obscurity advantage once enjoyed by Apple users has entirely vanished. As the adoption of

Can AI Secure Windows Without Compromising Stability?

The sheer scale of modern software development has reached a point where manual code review is no longer sufficient to protect the billions of devices running Windows across the globe. As lines of code multiply and interdependencies become more complex, traditional security measures are struggling to keep pace with the rapid evolution of sophisticated digital threats. In response to this

Xero Launches JAX to Redefine Accounting with Agentic AI

Small business owners have historically spent an exhausting amount of time tethered to spreadsheets and receipts, but the emergence of agentic AI is finally turning those static records into a living, breathing financial command center that operates with minimal human oversight. With more than five million global subscribers now integrated into its ecosystem, Xero is spearheading a movement toward Accountable