LockBit Ransomware is now targeting Apple macOS devices

The year 2022 marked a significant increase in the number of ransomware attacks globally. Since then, there has been no respite for individuals and organizations who have continued to fall prey to ransomware groups throughout 2023. With the increase in ransomware attacks, cybercriminals have continued to develop sophisticated and advanced techniques to execute their attacks.

One of the known and more prolific ransomware groups is LockBit. On April 5, 2023, alarming news emerged when it was discovered that LockBit had developed a macOS-based payload. This development represents the first time a big-game ransomware crew has targeted macOS devices with their malware. Here’s what we know so far:

Development of macOS Payload by LockBit

According to reports from cybersecurity researchers, additional samples identified by Vx-underground show that the macOS variant of LockBit ransomware has been around since November 11, 2022. The LockBit ransomware has been known for its attacks targeted at Windows devices since late 2019. The new development of a macOS-based payload expands the attack surface of the ransomware group, which now has the capability to target both Windows and macOS devices.

LockBit’s Emergence as a Major Threat in Ransomware Attacks

According to statistics released last week by Malwarebytes, LockBit emerged as the second most used ransomware in March 2023 after Cl0p. The increase in the use of LockBit indicates the growing influence and capabilities of the ransomware group.

Analysis of the LockBit macOS Payload

An analysis of the new macOS version reveals that it is still a work in progress, relying on an invalid signature to sign the executable. The payload packs in files like “autorun.inf” and “ntuser.dat.log”, suggesting that the ransomware sample was originally designed to target Windows.

Impact on Apple Silicon

While the macOS variant of LockBit has been designed to run on Apple Silicon, its impact is limited. Apple’s implementation of the ARM64 instruction set and the use of the M1 processor have posed a significant barrier for cybercriminals to run their malicious payloads on Apple devices. According to Patrick Wardle, a cybersecurity expert, “Yes, it can indeed run on Apple Silicon, but that is basically the extent of its impact.”

Apple’s Safeguards Against LockBit

Apple has implemented additional safeguards to protect macOS users from ransomware attacks. These include System Integrity Protection (SIP) and Transparency, Consent, and Control (TCC). System Integrity Protection aims to prevent malware from modifying critical system files, while Transparency, Consent, and Control seeks to provide the user with more control over the data that applications on their devices can access.

Active development of LockBit’s macOS encryptor

A LockBit representative has confirmed to Bleeping Computer that the macOS encryptor is “actively being developed”. This confirmation raises concerns that LockBit might pose a significant threat to Apple’s operating system. As the LockBit ransomware group continues to develop advanced techniques to carry out their attacks, it’s crucial for users to keep their devices updated, implement strong security measures, and stay vigilant for any signs of a ransomware attack.

The emergence of LockBit’s macOS payload highlights the need for organizations and individuals to remain proactive in protecting their devices from ransomware. With Apple’s implementation of additional safeguards, it is harder for cybercriminals to execute attacks on macOS devices. However, as LockBit continues to develop its macOS payload, it is vital to remain vigilant, implement strong security measures, and educate oneself on ransomware threats. By staying informed and taking necessary precautions, users can minimize the threat posed by LockBit and other ransomware groups.

Explore more

Can a Unified ERP System Future-Proof Levi Strauss?

Establishing a seamless digital environment for a brand that spans over a hundred nations is a monumental undertaking that requires more than just standard software updates. Currently, Levi Strauss & Co. is navigating a profound transformation of its digital infrastructure, aiming for a mid-2027 completion of a fully integrated global enterprise resource planning system. This strategic overhaul is not merely

Ethereum Faces $10 Billion Liquidation Risk Near $2,000

The current trajectory of Ethereum suggests a massive collision between aggressive retail speculation and sophisticated institutional sell-side pressure as the asset hovers near the $2,000 psychological threshold. This specific price point has historically served as a pivot for broader market sentiment, influencing the behavior of various decentralized finance protocols and secondary layer-two scaling solutions. Currently, the market exhibits a state

ClickLock Malware Coerces macOS Users to Surrender Passwords

Traditional macOS security architectures have long been celebrated for their robust sandboxing and gated execution, yet a new strain of malware is proving that the human element remains the most vulnerable entry point in any digital ecosystem. This threat, known as ClickLock, has emerged as a particularly aggressive evolution in the macOS threat landscape by prioritizing psychological pressure and social

Stalled Windows 11 Migration Poses Growing Security Risks

The global landscape of enterprise computing is currently grappling with a persistent digital divide as a significant segment of users continues to rely on Windows 10 despite the availability of more secure alternatives. The current ecosystem of digital infrastructure remains tethered to legacy architecture, with recent telemetry indicating that approximately one in six workstations worldwide continues to operate on Windows

How Is OpenAI Redefining AI With Precision Engineering?

The shift from experimental conversationalists to precise engineering tools has fundamentally altered the landscape of digital productivity and high-performance computing in 2026. This transition is marked by a move away from the early excitement surrounding generative models toward a rigorous framework centered on deep optimization and granular control. OpenAI has spearheaded this movement with the introduction of the GPT-5.6 Sol