AlienVault investigators and Fortinet have discovered a Ransomware-as-a-Service (RaaS) offering for macOS called MacRansom. This may be the first time cybercriminals have offered such a service for Apple’s platforms.
With RaaS, criminals can easily create ransomware, and often some of the revenue they make goes to the ransomware developer.
Criminals who use this RaaS still have to spread the ransomware themselves. MacRansom uses symmetric encryption with hardcoded encryption keys to encrypt files. According to researchers, this macOS ransomware is not as refined as other ransomware samples that have previously appeared for Mac operating systems.
Additionally, encrypted files can no longer be decrypted once the malware is stopped on the system. One of the encryption keys used is removed from memory, which makes it much harder to develop a decryption tool.