LockBit ransomware encryptors discovered targeting Mac devices


The LockBit ransomware gang has created encryptors targeting Macs for the first time, likely becoming the first major ransomware operation to ever specifically target macOS.

The new ransomware encryptors were discovered by cybersecurity researcher MalwareHunterTeam, who found a ZIP archive on VirusTotal that contained what appears to be all of the available LockBit encryptors.

Historically, the LockBit operation uses encryptors designed for attacks on Windows, Linux, and VMware ESXi servers. However, as shown below, this archive [VirusTotal] also contained previously unknown encryptors for macOS, ARM, FreeBSD, MIPS, and SPARC CPUs.

Archive of available LockBit encryptors
Source: BleepingComputer

These encryptors also include one named 'locker_Apple_M1_64' [VirusTotal] that targets the newer Macs running on the M1 processor. The archive also contains lockers for PowerPC CPUs, which older Macs use.

Further research by cybersecurity researcher Florian Roth found an Apple M1 encryptor uploaded to VirusTotal in December 2022, indicating that these samples have been floating around for some time.

Likely test builds

BleepingComputer analyzed the strings in the LockBit encryptor for Apple M1 and found strings that are out of place in a macOS encryptor, indicating that these were likely haphazardly thrown together in a test.

For example, there are numerous references to VMware ESXi, which is out of place in an Apple M1 encryptor, as VMware announced they would not be supporting the CPU architecture.


Furthermore, the encryptor contains a list of sixty-five file extensions and filenames that will be excluded from encryption, all of them being Windows file extensions and folders.

A small snippet of the Windows files the Apple M1 encryptor will not encrypt is listed below, all out of place on a macOS device.


Almost all of the ESXi and Windows strings are also present in the MIPS and FreeBSD encryptors, indicating that they use a shared codebase.

The good news is that these encryptors are likely not ready for deployment in actual attacks against macOS devices.

Cisco Talos researcher Azim Khodjibaev told BleepingComputer that based on their research, the encryptors were meant as a test and were never intended for deployment in live cyberattacks.

While Windows has been the most targeted operating system in ransomware attacks, nothing prevents developers from creating ransomware that targets Macs.

The fact that they are being tested indicates that more advanced and optimized encryptors for these CPU architectures could come in the future.

Therefore, all computer users, including Mac owners, should practice good online safety habits, including keeping the operating system updated, avoiding opening unknown attachments and executables, and using strong and unique passwords at every site you visit.
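The string check described in this section can be sketched as a small triage script. This is an added example, not code from BleepingComputer or the researchers named in the article: it reads the Mach-O header to confirm an arm64 build, then flags embedded strings that belong to other platforms. The marker lists and the sample bytes are constructed for illustration and are not the strings from the actual sample.

```python
import re
import struct

MH_MAGIC_64 = 0xFEEDFACF     # thin 64-bit Mach-O (little-endian on disk)
CPU_TYPE_ARM64 = 0x0100000C  # CPU_TYPE_ARM | CPU_ARCH_ABI64 (Apple silicon)

# Constructed marker lists (assumption): not the strings from the real sample.
FOREIGN_MARKERS = {
    "esxi": ("esxi", "vmware"),
    "windows": (".exe", ".dll", "ntuser.dat", "program files"),
}

def macho_arch(data):
    """Return 'arm64', 'other', or None if not a thin 64-bit Mach-O."""
    if len(data) < 8:
        return None
    magic, cputype = struct.unpack_from("<II", data, 0)
    if magic != MH_MAGIC_64:
        return None  # fat/universal and 32-bit files are not handled here
    return "arm64" if cputype == CPU_TYPE_ARM64 else "other"

def printable_strings(data, min_len=4):
    """Yield runs of printable ASCII, like the `strings` utility."""
    for match in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield match.group().decode("ascii")

def triage(data):
    """Report the architecture and any strings that belong to another platform."""
    arch = macho_arch(data)
    hits = {platform: [] for platform in FOREIGN_MARKERS}
    for s in printable_strings(data):
        low = s.lower()
        for platform, markers in FOREIGN_MARKERS.items():
            if any(marker in low for marker in markers):
                hits[platform].append(s)
    return {"arch": arch, "hits": hits,
            "mismatch": arch == "arm64" and any(hits.values())}

# Constructed sample: a 32-byte arm64 Mach-O header followed by NUL-separated strings.
SAMPLE = struct.pack("<8I", MH_MAGIC_64, CPU_TYPE_ARM64, 0, 2, 0, 0, 0, 0) + b"\x00".join([
    b"/Users/Shared/notes.txt", b"vmware esxi datastore",
    b"ntuser.dat", b"C:\\Program Files"])

if __name__ == "__main__":
    report = triage(SAMPLE)
    print(report["arch"], report["mismatch"])
    for platform, found in report["hits"].items():
        print(platform, found)
```

A `mismatch` result on an arm64 binary is a hint that the build shares code with other platform variants; it is a triage signal for an analyst, not a verdict on its own.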
