Ransomware MacRansom for everyone: a new service RaaS for cyber criminals

Many users of macOS assumes that their computers are not vulnerable to ransomware. Of course the less likely it is that Apple hardware is attacked or infected than it is for Windows. This is, however, mainly due to the fact that more than 90% of personal computers running on MS Windows, and only 6% Apple macOS, by which they are more frequent target for cyber criminals.

Portal MacRansom

Professional services with Fortinet's FortiGuard Labs Fortinet found just another software category of Ransomware-as-a-service (RaaS), which uses the portal currently in the TOR network. In this case, more interesting, however, is that cyber criminals are attacking the operating system other than Windows. This may be the first time when RaaS applies to macOS.

Portal MacRansom in the TOR network

MacRansom is not accessible from the portal. To build the ransomware should contact its authors, who are as follows:

"We are engineers, Yahoo and Facebook. During the years of work as cybersecurity researchers discovered that the missing advanced malware'ów targeting users of macOS. As in recent years, Apple products are gaining in popularity, according to our tests – more people than ever before to macOS software. We believe that people need such programs, therefore, we have provided these tools free of charge. Unlike most hackers in darknecie we are professionals with extensive experience in software development and extensive interests in conducting the observation. You can rely on our software, how billions of users around the world rely on our products in the clearnecie. "

The authors also described the MacRansom its main features:

  • Invisible-software completely invisible to the average Mac user to the scheduled run time
  • Unbreakable encryption-128-bit encryption algorithm does not leave the victim other than to purchase a key decryptor
  • Discretion-once installed software will not leave traces that can be associated with you. It can be configured to launched at any time in the future, or when it is connected to an external data medium.
  • Speed – all the victim's files will be encrypted in less than a minute.

Also indicate, for whom this software is:

  • For people who want to discreetly take revenge on another Mac user.
  • For people who want an easy way to earn money from unsuspecting anything family members, friends, acquaintances, colleagues from school.

The authors explain:

"If you do not have the appropriate skills in social engineering to convince your target to download and click on the executable file, you must have physical access to your Mac. We can also make an additional cost to the program you can upload feature of the AirDrop and email. "

And describe how the whole process works:

  • Send us an email with the following messages:
    • The amount of bitcoins that victim would have to pay the equivalent of $500 minimum
    • The earliest time at which you want to run the program
    • Do you want to the program was started, when connected will be external, such as the media. USB drive
    • Generate a program and we will send it to you by email, you have to download it using the TOR browser
    • Move it to your USB drive
    • Get access to your Mac and run the program
    • Make sure that you see the message "Done" before closing the window
  • We will get back to you as soon as we receive a payment to the correct account bitcoin.

Click "Open" to agree on the launch of ransomware, which then requires pay 0.25 bitcoin (about 700 us dollars) ransom and sacrifice of [email protected] to decrypt the files.

Notification of ransomware.

There is no perfect way to prevent attacks ransomware. Their effects can be minimized by regular backup copies of important files, keeping the system and carefully going over the files from unknown sources. Anyone willing to take advantage of programs the Ransomware-as-a-service has to remember that there is no provided guarantees of anonymity. Jolanta Malak, regional sales manager Fortinet on Poland, Belarus and Ukraine explains that seemingly easy profit, which may seem the use of model RaaS may end up on a fast detection of crime and stay behind bars.



Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.