{"id":8124,"date":"2021-08-02T14:01:27","date_gmt":"2021-08-02T19:01:27","guid":{"rendered":"https:\/\/tcn.tidbits.com\/?p=8673"},"modified":"2021-08-02T14:57:18","modified_gmt":"2021-08-02T19:57:18","slug":"ransomware-is-on-the-rise-learn-how-to-protect-your-macs","status":"publish","type":"post","link":"https:\/\/www.macworks.com\/blog\/ransomware-is-on-the-rise-learn-how-to-protect-your-macs\/","title":{"rendered":"Ransomware Is on the Rise: Learn How to Protect Your Macs"},"content":{"rendered":"<p>In cybercriminal circles, ransomware is all the rage. Once it has infected a computer, it encrypts all the files and then presents a ransom demand\u2014pay up to get the decryption software necessary to recover the data.<\/p>\n<p>Ransomware has been in the news all year, with the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Colonial_Pipeline_ransomware_attack\" target=\"_blank\" rel=\"noopener\">Colonial Pipeline attack<\/a> in particular spending weeks in the headlines. Attacks rose 485% in 2020 and show no signs of abating. The amounts demanded by the attackers are increasing, too, with PC manufacturer <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/computer-giant-acer-hit-by-50-million-ransomware-attack\/\" target=\"_blank\" rel=\"noopener\">Acer<\/a> and Apple supplier Quanta both hit with $50 million demands. Worse, some ransomware attackers are adding an extortion component where they threaten to reveal confidential data if the victim doesn\u2019t pay. It\u2019s scary, we know.<\/p>\n<p>First, the good news. Although there are several examples of ransomware that target the Mac, none of them have been particularly well done or (as far as we know) successful. Right now, the chances of Macs falling prey to ransomware are very low, and there\u2019s no reason to panic.<\/p>\n<p>However, complacency is dangerous. There\u2019s a trend toward \u201cransomware as a service\u201d (RaaS). The RaaS operators maintain the ransomware malware, offer a payment portal for victims, and provide \u201ccustomer service\u201d for victims who don\u2019t know how to pay with Bitcoin or other cryptocurrencies. Affiliates spread the ransomware and split the revenues with the operators. It\u2019s a tidy little cybercriminal enterprise, and separating the malware development and network penetration tasks has made it significantly easier for more criminals to leverage ransomware. It\u2019s only a matter of time before they turn their attention to Macs.<\/p>\n<p>For the most part, protecting your Macs from ransomware is no different than protecting against any number of other security problems. Follow this core advice:<\/p>\n<ul>\n<li><b>Keep Macs and apps up to date:<\/b> Always install macOS and security updates, and keep other apps up to date. With every update, Apple addresses numerous security vulnerabilities, fixing the vast majority of them before attackers can exploit them with malware. Every so often, however, Apple\u2019s security notes include this sentence: \u201cApple is aware of a report that this issue may have been actively exploited.\u201d That means there may be malware that targets that vulnerability; install such updates immediately!<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\" wp-image-8678 alignnone\" src=\"https:\/\/macworks.com\/blog\/wp-content\/uploads\/2021\/08\/ransomware-is-on-the-rise-learn-how-to-protect-your-macs.png\" alt=\"\" width=\"579\" height=\"209\" \/><\/li>\n<li><b>Use strong passwords with a password manager:<\/b> You\u2019ve heard it from us before, and you\u2019ll hear it again, but it\u2019s essential that everyone in your organization use strong, unique passwords through a password manager like <a href=\"https:\/\/1password.com\/\" target=\"_blank\" rel=\"noopener\">1Password<\/a>, <a href=\"https:\/\/www.lastpass.com\/\" target=\"_blank\" rel=\"noopener\">LastPass<\/a>, or even Apple\u2019s <a href=\"https:\/\/support.apple.com\/en-us\/HT204085\" target=\"_blank\" rel=\"noopener\">iCloud Keychain<\/a>. Just one weak password could allow attackers to infiltrate a computer or server and install ransomware.<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\" wp-image-8674 alignnone\" src=\"https:\/\/macworks.com\/blog\/wp-content\/uploads\/2021\/08\/ransomware-is-on-the-rise-learn-how-to-protect-your-macs-1.png\" alt=\"\" width=\"885\" height=\"508\" \/><\/li>\n<li><b>Be suspicious of links and attachments:<\/b> Ensure that everyone in your organization is careful about opening attachments or clicking links in email messages from unknown people or that seem off in some way. Phishing attacks are one of the primary ways of distributing malware. (If your group needs training in phishing awareness, contact us.)<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"wp-image-8675 alignnone\" src=\"https:\/\/macworks.com\/blog\/wp-content\/uploads\/2021\/08\/ransomware-is-on-the-rise-learn-how-to-protect-your-macs-2.png\" alt=\"\" width=\"886\" height=\"349\" \/><\/li>\n<li><b>Never download pirated software!<\/b> Even aside from the fact that it\u2019s ethically problematic, the most recent piece of Mac ransomware\u2014ThiefQuest\u2014was initially found in a malicious installer purporting to be for the LittleSnitch network security utility (ironic, eh?). Get apps only from the developers\u2019 official sites or the Mac App Store.<\/li>\n<li><b>Make frequent backups:<\/b> Backups are essential so, even if you do fall prey to ransomware, you can restore data from before the infection point. The caveat is that some of your backups <i>must<\/i> be isolated from the Macs in question\u2014some ransomware intentionally tries to encrypt or delete connected backups.<\/li>\n<li><b>Monitor for ransomware:<\/b> Although ransomware usually tries to stay below the radar while it\u2019s encrypting files, the free <a href=\"https:\/\/objective-see.com\/products\/ransomwhere.html\" target=\"_blank\" rel=\"noopener\">RansomWhere<\/a> utility can identify processes that quickly create encrypted files. It will likely incorrectly flag some legitimate behavior too <span style=\"font-weight: 400;\">(like in the screenshot below)<\/span>, but it\u2019s still a helpful tool.<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-8679 alignnone\" src=\"https:\/\/macworks.com\/blog\/wp-content\/uploads\/2021\/08\/ransomware-is-on-the-rise-learn-how-to-protect-your-macs-3.png\" sizes=\"auto, (max-width: 262px) 100vw, 262px\" srcset=\"https:\/\/macworks.com\/blog\/wp-content\/uploads\/2021\/08\/ransomware-is-on-the-rise-learn-how-to-protect-your-macs-3.png 262w, https:\/\/macworks.com\/blog\/wp-content\/uploads\/2021\/08\/ransomware-is-on-the-rise-learn-how-to-protect-your-macs-5.png 182w\" alt=\"\" width=\"262\" height=\"432\" \/><\/li>\n<li><b>Have anti-malware software:<\/b> For the most part, if you\u2019re careful about following the advice above, you\u2019ll be fine. But it\u2019s a good idea to have a current anti-malware app around and run it occasionally\u2014if you don\u2019t already have one, try the free version of <a href=\"https:\/\/www.malwarebytes.com\/\" target=\"_blank\" rel=\"noopener\">Malwarebytes<\/a>. If you\u2014or your users\u2014aren\u2019t good about the basic precautions, you might want to run anti-malware software all the time or set up broader network protections.<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"wp-image-8676 alignnone\" src=\"https:\/\/macworks.com\/blog\/wp-content\/uploads\/2021\/08\/ransomware-is-on-the-rise-learn-how-to-protect-your-macs-4.png\" alt=\"\" width=\"703\" height=\"498\" \/><\/li>\n<li><b>Have a disaster management plan:<\/b> Every business should think about how it would react to a fire, flood, earthquake, or other disaster. When building a disaster management plan, be sure to include ransomware. How would you shut down infected systems, rebuild them from scratch, and restore uninfected files?<\/li>\n<\/ul>\n<p>Setting up a backup strategy that protects against ransomware requires a little more thought. As noted, ransomware often tries to render backups useless in one way or another. You need to have versioned backups that allow you to restore from before the ransomware infection, and those backups need to be isolated from the computers and network being backed up. Techniques that help include:<\/p>\n<ul>\n<li><b>Isolate backup drives:<\/b> Rotate multiple Time Machine drives, with at least one that\u2019s always disconnected. However, this strategy assumes you\u2019ll detect a ransomware infection before you\u2019ve rotated all the drives. Ransomware could lie undetected for weeks or months before activating. Manually run current anti-malware software before connecting any backup drive.<\/li>\n<li><b>Use Internet backup:<\/b> Set up an Internet backup system that will maintain versions of backed-up files, such as <a href=\"https:\/\/www.backblaze.com\/\" target=\"_blank\" rel=\"noopener\">Backblaze<\/a> with its <a href=\"https:\/\/www.backblaze.com\/version-history.html\" target=\"_blank\" rel=\"noopener\">Extended Version History<\/a> feature. <a href=\"https:\/\/www.retrospect.com\/en\/ransomware\" target=\"_blank\" rel=\"noopener\">Retrospect 18<\/a> also supports object locking on cloud storage systems, which provides <i>immutable storage<\/i>. It ensures that no one\u2014even someone who acquires root credentials\u2014can delete the backups during the retention period.<\/li>\n<li><b>Consider tape backups:<\/b> Long ago, tape backups were the go-to solution for network backups, but as the price-per-gigabyte of hard drives dropped precipitously and Internet backups became feasible, tape has largely fallen by the wayside. But tape backups are still an option. They can hold a lot of data and are easily kept offline in a separate location. Plus, some tape drives can even operate in a write-once, read-many (WORM) mode that guarantees data can\u2019t be erased or overwritten. Tape requires more human interaction than other backup methods, but it\u2019s still a cost-effective way to protect hundreds of terabytes of data against ransomware.<\/li>\n<\/ul>\n<p>Again, there\u2019s no reason to panic about ransomware, but if it could significantly damage your business, you should take steps to reduce the chance of getting hit and ensure that you could restore your data if your computers were to get infected. There is no single approach that\u2019s ideal for everyone, but we can help you think about what\u2019s involved and develop a strategy that balances protection, cost, and effort.<\/p>\n<p>(Featured image by iStock.com\/chainatp)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In cybercriminal circles, ransomware is all the rage. Once it has infected a computer, it encrypts all the files and then presents a ransom demand\u2014pay up to get the decryption software necessary to recover the data. Ransomware has been in the news all year, with the Colonial Pipeline attack in particular spending weeks in the [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":8125,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9,69,106,25,112,185,104],"tags":[],"class_list":["post-8124","post","type-post","status-publish","format-standard","has-post-thumbnail","category-apple","category-apple-consulting-ct","category-apple-support-ct","category-mac","category-mac-support-ct","category-mactech","category-security"],"_links":{"self":[{"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/posts\/8124","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/comments?post=8124"}],"version-history":[{"count":1,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/posts\/8124\/revisions"}],"predecessor-version":[{"id":8129,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/posts\/8124\/revisions\/8129"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/media\/8125"}],"wp:attachment":[{"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/media?parent=8124"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/categories?post=8124"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/tags?post=8124"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}