Security researchers find LockBit ransomware can target macOS devices

It may be the first time a major ransomware provider has gone after Apple computers.

Devindra Hardawar/Engadget

One of the most notorious ransomware gangs appears to have recently begun targeting Mac computers for the first time. In a series of tweets spotted by 9to5Mac, a group of security researchers known as the MalwareHunterTeam said on Saturday they recently found evidence of a Lockbit ransomware build designed to compromise macOS devices. As far as the group is aware, Saturday’s announcement marks the first public notice that Lockbit’s ransomware could be used against Apple computers, though it appears the gang has offered that capability since last fall.

“I think this is the first time one of the major ransomware players has taken aim at Apple’s OS,” security analyst Brett Callow said, pointing to the significance of the disclosure. As 9to5Mac notes, the LockBit gang has historically focused on Windows, Linux and virtual host machines. The reason being those operating systems are overwhelmingly used by the businesses the group’s partners target. For those who don’t know, the Lockbit gang runs what’s known as a “ransomware-as-a-service” operation. The group doesn’t directly involve itself in the business of extracting ransoms from businesses. What it does do is build and maintain the malware affiliates can pay to use against an organization. According to an indictment the US Department of Justice unsealed last fall, LockBit is “one of the most active and destructive ransomware variants in the world." As of late 2022, the software has infected the computer systems of at least 1,000 victims, including a Holiday Inn hotel in Turkey. It’s believed the gang’s partners have claimed tens of millions of dollars from victims.