LockBit ransomware encryptors discovered focusing on Mac units
The LockBit ransomware gang has created encryptors focusing on Macs for the primary time, seemingly turning into the primary main ransomware operation to ever particularly goal macOS.
The brand new ransomware encryptors have been found by cybersecurity researcher MalwareHunterTeam who discovered a ZIP archive on VirusTotal that contained what seems to be all the obtainable LockBit encryptors.
Traditionally, the LockBit operation makes use of encryptors designed for assaults on Home windows, Linux, and VMware ESXi servers. Nevertheless, as proven beneath, this archive [VirusTotal] additionally contained beforehand unknown encryptors for macOS, ARM, FreeBSD, MIPS, and SPARC CPUs.
These encryptors additionally embrace one named ‘locker_Apple_M1_64’ [VirusTotal] that targets the newer Macs working on the M1 Processor. The archive additionally incorporates lockers for PowerPC CPUs, which older Macs use.
Additional analysis by cybersecurity researcher Florian Roth discovered an Apple M1 encryptor uploaded to VirusTotal in December 2022, indicating that these samples have been floating round for a while.
Doubtless take a look at builds
BleepingComputer analyzed the strings within the LockBit encryptor for Apple M1 and located strings which are misplaced in a macOS encryptor, indicating that these have been seemingly haphazardly thrown collectively in a take a look at.
For instance, there are quite a few references to VMware ESXi, which is misplaced in an Apple M1 encryptor, as VMare introduced they might not be supporting the CPU architecture.
_check_esxi esxi_ _Esxi _kill_esxi_1 _kill_esxi_2 _kill_esxi_3 _kill_processes _kill_processes_Esxi _killed_force_vm_id _listvms _esxcfg_scsidevs1 _esxcfg_scsidevs2 _esxcfg_scsidevs3 _esxi_disable _esxi_enable
Moreover, the encryptor incorporates a listing of sixty-five file extensions and filenames that might be excluded from encryption, all of them being Home windows file extensions and folders.
A small snippet of the Home windows recordsdata the Apple M1 encryptor won’t encrypt is listed beneath, all misplaced on a macOS machine.
.exe .bat .dll msstyles gadget winmd ntldr ntuser.dat.log bootsect.bak autorun.inf thumbs.db iconcache.db
Virtually all the ESXi and Home windows strings are additionally current within the MIPs and FreeBSD encryptors, indicating that they use a shared codebase.
The excellent news is that these encryptors are seemingly not prepared for deployment in precise assaults towards macOS units.
Cisco Talos researcher Azim Khodjibaev advised BleepingComputer that primarily based on their analysis, the encryptors have been meant as a take a look at and have been by no means meant for deployment in reside cyberattacks.
Whereas Home windows has been probably the most focused working system in ransomware assaults, nothing prevents builders from creating ransomware that targets Macs.
The truth that they’re being examined signifies that extra superior and optimized encryptors for these CPU architectures may come sooner or later.
Subsequently, all laptop customers, together with Mac homeowners, ought to apply good on-line security habits, together with preserving the working system up to date, avoiding opening unknown attachments and executables, and utilizing robust and distinctive passwords at each web site you go to.