LockBit ransomware is targeting Macs for the first time

Until now, the Apple ecosystem was thought to be immune to ransomware threats such as LockBit.

One of the most infamous ransomware strains, LockBit, has reportedly been spotted infecting Apple Mac devices for the first time ever.

Cybersecurity researchers from the MalwareHunterTeam tweeted about finding “locker_Apple_M1_64” – “the first Apple’s Mac devices targeting build of LockBit ransomware sample seen”. What’s more, the researchers believe this might be the first time a “big name” gang targeted a Mac.

While targeting M1-powered devices might make headlines, 9to5Mac also says that a LockBit ransomware build is “showing up for PowerPC Macs” as well.

LockBit is currently one of the most widely used ransomware variants. Its creators offer the locker as a service (Ransomware-as-a-Service, or RaaS), allowing different hacking groups to use the tool for a fee.

Among its more recent victims is the space exploration company SpaceX. In mid-March, hackers said they had breached one of the company’s suppliers and, through them, obtained SpaceX’s sensitive data, including thousands of drawings certified by SpaceX engineers.

On one occasion, one of LockBit’s affiliates also targeted SickKids, the Hospital for Sick Children. SickKids is a major pediatric teaching hospital located on University Avenue in Toronto, Canada, and affiliated with the Faculty of Medicine of the University of Toronto. The group was later excommunicated by LockBit’s creators, who also issued an apology and released a free decryptor.

The group was first discovered roughly three years ago and is believed to be operating either out of the United States or out of China. Most members of the group speak Russian, however.

So far, ransomware attacks have been mostly confined to Windows devices, with an occasional expedition into Linux. The Apple ecosystem was mostly perceived as safe from ransomware, until now. Whether or not this LockBit variant motivates more threat actors to start targeting Mac endpoints remains to be seen.
