Investigators at AlienVault and Fortinet have discovered a Ransomware-as-a-Service (RaaS) offering for macOS dubbed MacRansom. This may be the first time cybercriminals have offered such a service for Apple’s platforms.
Via RaaS, criminals can easily create ransomware, and often a share of the revenue they make goes to the ransomware developer.
Criminals who use this RaaS still have to spread the ransomware themselves. MacRansom uses symmetric encryption with hardcoded encryption keys to encrypt files. According to researchers, this macOS ransomware is not as refined as other ransomware samples that have previously appeared for Mac operating systems.
Additionally, encrypted files can no longer be decrypted once the malware is stopped on the system. One of the encryption keys used will be removed from memory, which makes it much harder to develop a decryption tool.
Also, the ransomware does not have the ability to communicate with a control server and exchange a copy of the encryption key.
Ransomware for Mac operating systems is not something we see every day. Even though MacRansom is inferior to most ransomware for Windows, it encrypts victims' files and prevents access to important files, causing real damage.