Malware News macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools

Gandalf_The_Grey

Last week, researchers at Trend Micro published a report on a macOS malware sample that had credible file locking and data exfiltration capabilities and masqueraded as LockBit ransomware on successful encryption of a user’s files. Until now, ransomware threats for Mac computers had been at best ‘proof of concept’ and at worst entirely incapable of succeeding at their apparent aim. Interestingly, despite one of the more credible previous attempts being from LockBit itself, this latest discovery appears to be an entirely different threat actor appropriating the name of a more notorious one. Since earlier researchers did not give a specific threat name for the sample they reported, we have dubbed the malware ‘macOS.NotLockBit’.
...
Conclusion

Ransomware on macOS remains a small and still unlikely threat, but it is apparent that threat actors have understood that the double extortion method that works so well on other platforms—essentially, infostealers combining with file lockers—is equally viable on Apple’s desktop platform. Regardless of whether the file encryption succeeds or not, or whether users have adequate backups, bad actors seek to profit from stolen victim data.

The NotLockBit malware appears to be very much in development. For now, the threat actor’s AWS accounts have been removed and there are no known victims or distribution methods in the wild. Given the amount of development that has gone into this threat so far, we would be surprised not to see more from this actor in the short to medium term.
 
