Mac OS is not ransomware-proof
By Brian Cowan
For all of those Mac OS users out there who thought they were safe during the recent ransomware attacks on Windows devices… some bad news. Security researchers at Fortinet have discovered a variant designed to target Mac systems.
Malware for sale
The author of this malware appears to be happy to chat about it. The software is for sale to anyone wishing to launch an attack and can be configured to meet their requirements. This includes setting a time for the attack to commence. With this capability, the malware would be used for a targeted, malicious attack at a critical time for a business rather than “spray and pray”.
The implication is that a would-be attacker may seek financial gain through the usual Bitcoin route. However, there is also a chance that the attacker could be on a “revenge mission” and more intent on the disruptive capabilities of the malware.
How it works on Mac OS
There is a good article on the Fortinet blog describing the processes that the malware undertakes to establish itself on the Mac target. The encryption can then commence at a time set by the author. The blog also catalogues the dialogue that took place to secure a copy of the malware.
As with traditional ransomware attacks, files are encrypted (up to 128 with this variant) and the ransom message is delivered. The demand has been observed as 0.25 bitcoin (approximately £550). That is not a huge amount, but there is a large target audience out there.
As with Windows malware, the best method of prevention is education. The malware has to enter the organisation via electronic means, so training users in what to look for can reduce risk significantly. Implementing the Cyber Essentials program is a great way of delivering this training in a structured and informative way.
With the introduction of EU GDPR in May 2018, all organisations must take action to protect the personal information that they hold. This should be addressed in a “top-down” manner with:
- Senior management understanding of the new regulations and how they affect their business
- Introduction of Corporate IT policies that staff are aware of and sign up to
- Staff Training to ensure that the policies can be understood and complied with
- Procedures to implement in the event of a cyber attack, both operationally and technically
Planning for an attack
If a piece of malware gets onto your network and starts encrypting systems, you will need a recovery plan. Having a good backup solution and a tested recovery plan can reduce a malware infection to an irritation rather than a threat to the business.
A good business recovery solution would typically include:
- Frequent, recoverable backups. Modern backup tools using changed block tracking can take backups during the working day without disrupting work
- Ability to select from a list of backups so that recovery can be made from a known good copy
- Recovery options including starting up a failed server on the backup device before restoring
- Copies of backups held offsite to support Disaster Recovery, should the primary site be unavailable
For more information on cyber protection and business recovery please call Keytech on 01942-311150.