The LockBit ransomware organization has become one of the more high-profile cybersecurity threats this decade. The Ransomware-as-a-Service model they provide has created headlines for everything from attacks on Foxconn and Accenture, to even apologizing on behalf of a “partner” who used their service kit to attack a Canadian pediatric teaching and research hospital.  Now, they’re in the news again because it looks as though they have developed an encryptor that targets devices running macOS Operating Systems.

For as popular as Macs are, attackers usually don’t bother creating malware for them because they’re much less prevalent than Windows or Linux systems. That is all believed to be changing now as Researchers at MalwareHunterTeam have discovered samples of ransomware encryptors that appear to be targeting newer Macs running Apple processors and older Macs running Apple’s PowerPC chips.

For now, it appears that LockBit Mac ransomware is more tinkering and experimentation than anything actually ready to be deployed, however the fact that it’s out there suggests that much worse is just around the corner.  As more and more organizations adopt a Mac environment, the appeal to attack these devices will increase as well.

“It’s unsurprising but concerning that a large and successful ransomware group has now set their sights on macOS,” said Patrick Wardle, Mac security researcher and Objective-See Foundation Founder. “It would be naïve to assume that LockBit won’t improve and iterate on this ransomware, potentially creating a more effective and destructive version.”

Wardle notes that macOS, because they appear to be in their infancy, have fundamental development issues like crashing when they’re launched.

“In some sense, Apple is ahead of the threat, as recent versions of macOS ship with a myriad of built-in security mechanisms aimed to directly thwart, or at least reduce the impact of ransomware attacks. However, well-funded ransomware groups will continue to evolve their malicious creations,” he continues.

Although it’s much more lucrative to target Windows-based machines, it does feel like a shift is happening. As more organizations adopt Mac-based environments, ransomware groups will determine whether the time and resources spent on developing malware for these systems are worth the revenue they’ll generate.

Story via WIRED