If you’ve been relying on the fact that you are running MacOS to keep you safe, you aren’t alone. But, if it wasn’t obvious before that this was a bad idea, it should be now. Ransomware has recently been discovered to be targeting MacOS.

If you or your tech team are interested in the technical details, it was originally identified by Dinesh Devadoss and there are excellent write-ups of the technical details by Thomas Reed at Malwarebytes Labs and Patrick Wardle at Objective-See. Here are the highlights:

• It seems to be distributed through fake installers. So, make sure that your team is only allowed to install approved software. If you don’t have a software management system in place, reach out to us and we’ll help you get something in place.
• The data is most likely lost once the ransomware is installed. There doesn’t seem to be any mechanism that links payments to infected machines, so you should assume that your data is lost. That means you should have a good backup solution in place and be prepared to use it. 
• There appear to be some reverse shell capabilities. That means that once there is an infected machine on your network, it is possible that it could be exploited to access other systems and spread the infection. Don’t wait around if you have an infection. Disconnect it from the network. 
• Data extraction appears to be the primary goal. That means that the perpetrators aren’t just encrypting machines to get paid, like with traditional ransomware. They are stealing the data. So, if you deal with payment cards or personal data, you could have a reportable breach.

Most businesses aren’t prepared to handle a ransomware infection. If you aren’t confident that you are prepared to handle one, you probably aren’t. Reach out to us and we’ll get you prepared.