New 'macOS NotLockBit' Ransomware Targets Apple Devices
Cybersecurity researchers have discovered a new ransomware threat targeting Apple's macOS devices. Dubbed 'macOS NotLockBit' by SentinelLabs, this malware masquerades as the notorious LockBit ransomware but is not associated with the real LockBit group.
Upon infecting a macOS device, the ransomware gathers system information and attempts to exfiltrate user data to a remote server. It then encrypts files, appending a '.abcd' extension, and attempts to display a LockBit 2.0 banner. This ransomware only runs on Intel Macs or Apple silicon Macs with Rosetta emulation software installed.
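The '.abcd' suffix described above is something defenders can hunt for in file-event telemetry. The following is an added example, not code from SentinelLabs or from this article: it flags user home directories where many files ending in '.abcd' appear within a short window. The event format (timestamp, path), the window and the threshold are assumptions, and the sample events are constructed.

```python
from collections import deque
from pathlib import PurePosixPath

MARKER = ".abcd"        # extension the article says is appended to encrypted files
WINDOW_SECONDS = 60     # assumed tuning value, not from the article
THRESHOLD = 5           # assumed tuning value, not from the article


def is_marked(path):
    """True when the final extension is the marker (case-insensitive)."""
    return PurePosixPath(path).suffix.lower() == MARKER


def scope(path):
    """Group events by /Users/<name>, or by top-level directory otherwise."""
    parts = PurePosixPath(path).parts
    depth = 3 if parts[1:2] == ("Users",) else 2
    return str(PurePosixPath(*parts[:depth]))


def find_bursts(events, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return one alert per scope where `threshold` or more marked files
    appear within `window` seconds. `events` holds (epoch_seconds, path)
    file-creation or rename records exported from an EDR or FIM tool."""
    recent, alerts = {}, {}
    for ts, path in sorted(events):
        if not is_marked(path):
            continue
        key = scope(path)
        q = recent.setdefault(key, deque())
        q.append((ts, path))
        while ts - q[0][0] > window:      # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            alert = alerts.setdefault(
                key, {"scope": key, "first_seen": q[0][0], "count": 0})
            alert["count"] = max(alert["count"], len(q))
    return list(alerts.values())


# Constructed sample events: a burst under alice, isolated hits under bob.
SAMPLE_EVENTS = (
    [(1000 + i, f"/Users/alice/Documents/report{i}.docx.abcd") for i in range(6)]
    + [(1003, "/Users/alice/Documents/todo.txt"),
       (1000, "/Users/bob/Desktop/notes.abcd"),
       (5000, "/Users/bob/Desktop/photo.jpg.ABCD")]
)

if __name__ == "__main__":
    for alert in find_bursts(SAMPLE_EVENTS):
        print(alert)
```

A single file ending in '.abcd' is weak evidence on its own, which is why the check alerts on a burst per scope rather than on individual matches.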
The 'macOS NotLockBit' ransomware does not use any LockBit builders and is not connected to the real LockBit group. The threat actor behind this malware is experimenting with targeting Apple's macOS devices, relatively uncharted territory for ransomware actors. The attackers are currently hindered by Apple's Transparency, Consent and Control (TCC) protections, which prevent unauthorized access to certain system resources.
The discovery of 'macOS NotLockBit' underscores the evolving threat landscape, with ransomware actors increasingly exploring new platforms. As macOS users, we must remain vigilant and ensure our systems are up to date and protected with robust security software.