17 January 2020
Ransomware is one of the most significant threats facing individuals and businesses today!
Just look at some of the stats:
- Ransomware is growing at a rate of 350% each year.
- Between June 2017 and June 2018, 257 new ransomware families were identified.
- In 2018, 204 million ransomware attacks cost businesses more than $8 billion.
- In 2018, over 77% of the businesses affected by ransomware were using up-to-date protection.
Mac users are often told they don’t need antivirus apps because MacOS is secure. But is that true? We asked security experts for their opinions on the matter.
With ransomware rapidly growing and becoming increasingly sophisticated, Mac ransomware is also on the increase.
While the majority of ransomware attacks in 2019 were focused on high-value business targets - you could still become a victim.
That's why you need the best ransomware protection for your Mac, along with this two-pronged approach to ensuring the best security:
- Proactively protect your Mac
- Make sure you can quickly recover if you are a victim.
To begin with, what is ransomware, and how does it infect Mac computers?
What is Ransomware and How Does It Work?
Simply put, ransomware on Mac extorts individuals or businesses for financial gain.
Ransomware is a malware attack where perpetrators threaten to expose your online activity, publish personal data online, or encrypt files and deny access unless you pay a ransom.
Your files - or your entire device - are held hostage until you pay the ransom and receive a decryption key.
Like other forms of malware, extortionists push ransomware to individual computers through:
- Compromised vendors
- Malicious online advertising
- Phishing emails
- Free software downloads
- Social media attachments
- Unpatched programs
Ransomware can quickly spread across a network, encrypting mapped and unmapped network drives. The result is one infected user bringing an entire organization to a halt, with massive implications depending on the type of organization attacked.
How Much Do They Want?
Ransoms start around $300-$500 for individuals, but amounts of $50,000-$400,000 - or more - are typical for businesses who have more to lose. Because of the impact on their services and clients, healthcare institutions are often targeted by ransomware.
What Should You Do?
Designed to prey on your fears, ransomware perpetrators want you to panic and pay the ransom before you've stopped and thought things through. That's why it's essential to follow these steps carefully:
- Stop
- Breathe
- Stay calm
- Don't panic
- Think
Can Macs be Infected with Ransomware?
Yes.
While it's true that Mac computers are less likely to be attacked than Windows PCs, they are not any more resistant to malware attacks. In fact, the threat of Mac malware increased by 60% in just the last quarter of 2018.
While adware is the most popular form of malware, ransomware is the most stressful and frustrating once it's infected your Mac. That's why you need an excellent anti-ransomware for Mac strategy.
What are the Most Common Mac Ransomware?
Although relatively few compared to Windows, there have been several examples of ransomware affecting Macs, along with their derivatives which continue to appear in various forms. These include:
- FBI/MoneyPak scam (2013): Targeting Mac's Safari browser, a fake FBI web page appeared, locking the user out of the Mac until a $300 fine was paid. If the user force-quit Safari, the ransomware would simply reload itself the next time Safari was launched.
- FileCoder (June 2014): Although FileCoder displays a window demanding a ransom, it does not actually encrypt files and is, therefore, relatively harmless.
- KeRanger (March 2016): Hidden within an authorized update of the Transmission BitTorrent client and signed with an authorized security certificate, KeRanger isn't blocked by macOS Gatekeeper. It encrypts files and demands one BitCoin as a ransom. According to Macworld, “KeRanger appears to be still under active development,” and is, therefore, still an active threat.
- Filezip, aka Patcher (February 2017): Impersonating a patcher app (an app that provides access to commercial software without the user purchasing a license), Filezip encrypted the user's files and demanded a ransom of 0.25 BitCoin. The data could not be decrypted by Filezip, so paying the ransom was pointless.
- Ransomware-as-a-Service (RaaS): Sold on the dark web, RaaS is a subscription-based or profit-sharing service that allows a cybercriminal to launch a ransomware attack quickly with little effort or experience.
While cybercriminals will continue to create and launch new forms of ransomware, it’s comforting to know that scary Windows ransomware like WannaCry cannot infect your Mac.
How Do I Know if My Mac is Infected with Ransomware?
That's easy!
A screen will pop up on your Mac, announcing that your files are being held hostage until you pay a ransom. The display will state how much you need to pay, the methods of payment, and by when the ransom must be paid. It may also say what will happen if you do not pay within the required time.
What Do I Do if My Mac is Infected with Ransomware?
First of all, stay calm and don't panic.
Don't be in a rush to pay the ransom until you've thought things through and done your research, including rereading this article and contacting MacUpdate Support. We’ll do our best to help resolve the situation and recover your data.
Forums that you may want to visit should include the following:
Once that's done, follow these steps:
Isolate the infected device: Disconnect all infected machines from the network, irrespective of the operating system, to keep the ransomware from spreading. At the same time, disconnect all other devices from your network, including:
- Cloud storage
- External hard drives
- Shared network drives
- USB drives
Identify the ransomware: Knowing the strain of ransomware infecting your computer makes it easier for you to find a solution. The ransomware could be one of the following general variants:
- Doxware: Threatening to reveal or sell sensitive personal information unless you pay a ransom, doxing entails sending an email rather than locking your files. You can use Avast Hack Check to see if your passwords have been leaked or stolen.
- Filecoders: Demanding a ransom before a specific time, filecoders like KeRanger or MacRansom - a RaaS - encrypt files and promise to destroy, damage, or permanently lock your data unless you pay. About 90% of ransomware are filecoders.
- Scareware: Attempting to scare you into paying for a fake Mac malware cleaning tool you don't need, scareware uses bogus web pages, pop-up ads, or scanning applications with counterfeit results. As long as you don't click on anything, this is the easiest type of ransomware to remove.
- Lockers: Locking your screen and preventing you from accessing your Mac until you pay the ransom, the most common type of screenlocker is the FBI/MoneyPak scam.
To identify the type of ransomware and download a decryption solution, visit Crypto Sheriff provided by Europol's European Cybercrime Center. If the tool recognizes the ransomware based on your input or file upload, it provides a link to the decryption program.
Remove the ransomware: Once you know what type of ransomware you're dealing with, you can begin to deal with it in one of the following ways:
- Wait for it to delete itself: Once your files are encrypted, the ransomware might delete itself so as not to leave any clues that could lead to its encryption algorithm being rendered harmless.
- Get rid of it using a tool: Use one of the tools MacUpdate users recommend. See below for a full list of free and paid tools.
- Use a premium service to remove it: Although they probably won't be able to decrypt your files, some anti-malware or antivirus companies provide a paid service to help with ransomware removal. Contact your security software company to see whether they offer this service.
- Remove it manually: If you are an advanced Mac user and none of the methods mentioned above work, you may want to remove the ransomware manually. Before attempting it - and only if you know what you're doing - consult the forums referred to above.
Recover the encrypted files: Removing the ransomware won't restore your data, so that's the next step. Here are two options based on how good you are at looking after your system:
- Restore from a backup: If you've been good about backing your files up, the easiest and quickest way to get back up and running is restoring your system from your latest backup. It'll get rid of the ransomware and restore your files to the last backup version. If you use Mac's Time Machine, you can roll back your system to its state before the ransomware attack. See Restore your Mac from a backup to see how to restore from a Time Machine backup.
- Use decryption tools: If you don't have any recent backups, search for a decryption tool for the ransomware that infected your Mac system. As a last resort, you might also search for file recovery software such as Wondershare Data Recovery for Mac.
How Does macOS Protect Against Ransomware?
Apple includes many safeguards against ransomware for Mac protection within macOS. These include:
- XProtect: A background process that scans downloaded files as part of the standard procedure for quarantining files. Apple provides regular updates with new malware definitions.
- Gatekeeper: One of macOS' main defense mechanisms against malware, Gatekeeper makes sure that downloaded software is signed by an identified developer and verifies that it is unaltered.
- macOS Antivirus: Apple includes built-in antivirus software that blocks and removes malware before it can affect your Mac.
- System Integrity Protection (SIP): By restricting specific critical parts of the file system to read-only, SIP prevents malicious code from modifying them or executing from them.
For a full list of Apple's built-in security for macOS, see macOS Security: Overview for IT.
How Do I Check for Ransomware on My Mac?
While the chance of you experiencing a ransomware attack is minimal, there's no harm in taking active measures to protect yourself by boosting your Mac security.
One tool you can use is RansomWhere?, a free app that runs in the background and detects file encryption by identifying suspicious processes. Once it identifies one, it halts the encryption process and notifies you of the threat. You choose whether to terminate the process or authorize it to run.
While some files may already have been encrypted before RansomWhere? detects the process, the damage should be minimal compared to what might have been.
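The idea behind this kind of detection, sketched as an added example (it is not RansomWhere?'s own code and not part of the original article): encrypted data is close to random, so a process that writes several high-entropy files in a short burst is suspicious. The thresholds, process names and events below are constructed assumptions.

```python
import math
import os
from collections import defaultdict

ENTROPY_THRESHOLD = 7.5   # assumed cut-off, in bits per byte, for "looks encrypted"
BURST_COUNT = 3           # assumed number of such writes before a process is flagged
BURST_WINDOW = 10.0       # assumed time span (seconds) for those writes


def shannon_entropy(data: bytes) -> float:
    """Return the entropy of data in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_encrypted(data: bytes) -> bool:
    """Ciphertext is near-uniform, so its entropy approaches 8 bits per byte.
    Compressed archives and media score high too, which is why a single
    file is never enough to flag a process."""
    return len(data) >= 1024 and shannon_entropy(data) >= ENTROPY_THRESHOLD


def flag_processes(events):
    """events: iterable of (timestamp, pid, process_name, file_bytes).
    Return the names of processes that wrote BURST_COUNT or more
    encrypted-looking files within BURST_WINDOW seconds."""
    recent = defaultdict(list)   # pid -> timestamps of recent high-entropy writes
    flagged = []
    for ts, pid, name, data in sorted(events, key=lambda e: e[0]):
        if not looks_encrypted(data):
            continue
        window = [t for t in recent[pid] if ts - t <= BURST_WINDOW]
        window.append(ts)
        recent[pid] = window
        if len(window) >= BURST_COUNT and name not in flagged:
            flagged.append(name)
    return flagged


def sample_events():
    """Constructed file-write events; all process names are hypothetical."""
    text = b"Quarterly report: revenue was flat. " * 100   # ordinary document
    rnd = [os.urandom(4096) for _ in range(4)]             # stands in for ciphertext
    return [
        (0.0, 101, "TextEdit", text),
        (1.0, 202, "updater_helper", rnd[0]),
        (2.0, 202, "updater_helper", rnd[1]),
        (2.5, 101, "TextEdit", text),
        (3.0, 202, "updater_helper", rnd[2]),
        (40.0, 303, "Archive Utility", rnd[3]),   # one high-entropy file only
    ]


if __name__ == "__main__":
    print(flag_processes(sample_events()))
```

A flagged process is only a candidate: a backup or archiving tool can produce the same pattern, which is why the decision to terminate or authorize is left to you.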
How Do I Protect My Mac Against Ransomware?
What are your best choices? Here are the top three ransomware tools our readers recommend:
Offering protection against both new and existing threats, Norton for Mac provides advanced, multi-layered security. It incorporates sophisticated anti-malware, anti-phishing, anti-ransomware, and anti-virus features, along with a smart firewall to safeguard your information and privacy against malicious attacks.
- Version Reviewed: 8.1.2
- System Requirements: OS X 10.10 Yosemite, macOS 10.12 Sierra, or higher.
- Licensing: Subscription for one device is $79.99 per year.
Utilizing enterprise-grade endpoint protection technologies, Sophos for Mac blocks advanced cyberattacks, including exploits, malware, phishing, ransomware, and viruses. Easy to install and simple to use, the free version offers a 30-day trial of Sophos Home Premium which includes comprehensive ransomware protection.
- Version Reviewed: 2.2.4
- System Requirements: OS X 10.11 (El Capitan) or higher.
- Licensing: A free version or a subscription-based version at $60/year.
Offering real-time protection through continuous monitoring executed in the background, Kaspersky Internet Security for Mac blocks cryptolockers, malware, and viruses before they infect your hard-drive. Both Kaspersky Internet Security and Kaspersky Total Security include protection against ransomware.
- Version Reviewed: 20
- System Requirements: OS X 10.12 (Sierra) or higher
- Licensing: Three subscription-based versions (Internet Security for Mac, Internet Security, and Total Security) starting at $59.95/year with a 30-day free trial.
Should I Ever Pay Ransomware?
Once a ransomware notification appears on your screen, you have a decision to make: to pay or not to pay.
While you may want to sort the problem out as quickly as possible, we recommend that you NEVER negotiate or pay your attacker.
If you're inclined to ignore that advice, here are a couple of factors to consider:
- Many ransomware attacks are hoaxes, so the perpetrator may not even have the decryption key.
- Even if the attack is genuine, paying the ransom does not guarantee that you will receive the decryption key.
- If you do receive a decryption key, there is no guarantee that it will work.
- “There is no honor among thieves,” so you may end up paying a hacker who's been hacked, with little chance of getting any decryption key, let alone one that works.
How do I Protect Myself Against Ransomware?
By simply applying good security practices, you can protect yourself against ransomware:
- Maintain a complete backup of critical files and data in the cloud at all times.
- If you back up to an external drive, always disconnect after backing up so it can't be encrypted in the event of an attack.
- Never open an email attachment you're not expecting.
- Avoid using your administrator account for day-to-day activities.
- Keep your browsers, operating system, and third-party software up-to-date with updates installed automatically.
- Secure passwords with the Mac Keychain password manager.
- Deactivate services that you don't use, such as Airport or Bluetooth.
- Only download and install apps from recognized stores.
- Use an excellent anti-malware program with layered protection. It should include deep scan capabilities to detect and proactively block threats such as ransomware.
The Bottom Line
Ransomware is an unwanted risk that can proactively be avoided. Protecting your Mac is relatively easy if you follow the steps outlined above.
If you do experience a ransomware attack, remember these two things:
- Don't panic
- Don't pay
However, the best thing to do is protect your Mac upfront.
Just follow our suggestions, and you'll be just fine.
It’s fair to say there’s less risk of malware attacks on a Mac than a PC, but does that mean you can skip antivirus altogether?
For years, we’ve been told that Macs can’t get viruses. But no computer is immune from cyber attacks, so each year we test Mac antivirus software to their limits with hundreds of virus attacks including worms and ransomware to see how they fare. Read on to see your protection options.
Built-in Mac security
There aren’t many viruses for Mac computers, which makes them hard to come by. Our lab tests Windows antivirus software with several thousand Windows-specific viruses each year, but tests only a few dozen on Mac computers. That isn’t to say that it’s impossible to catch a Mac virus, but the number of different strains is much smaller.
MacOS is secure by design. It requires a number of steps to allow a virus to run on your machine and needs you, the user, to intervene for any program – be it a virus or otherwise – to gain access to critical system files. In short, it’s actually quite tricky to get infected by malware on a Mac.
Why you should still consider antivirus for Mac
Even if you don’t let a piece of malware run, we have found that macOS’ built-in security scanning doesn’t reliably detect dormant viruses just sitting on the hard drive. If you never had any intention of running the viruses yourself, you could inadvertently share them with somebody you know who might not be so fortunate.
And there’s more to antivirus than simply protection from viruses. Almost all the security suites we test come with additional protection against phishing attacks, where websites pretend to be legit in order to steal your data. We have found that the very best Mac security suites will also bolster your phishing protection quite significantly, and perform better than the protection built into the Mac versions of Safari, Chrome, Firefox and Opera web browsers. For this reason, if you’re nervous about threats on the web, it would make sense to at least consider a Mac security suite.
Antivirus options for Apple Macs
While there’s no cheap way to get yourself a Mac, those who don’t fancy a yearly subscription to a security suite can rest easy in the knowledge that this year we tested three free options, one of which was good enough to be a Best Buy.
If you’re a Which? member, you can see the very best antivirus options on our best antivirus for Mac advice guide. And for everybody else, we’ve highlighted five options from the biggest brands.
Paid antivirus for Mac
Norton Security Deluxe
One of the biggest names in antivirus has a relatively inexpensive Mac option. What’s more, if you have Windows computers in your household you can mix and match the different device types under the same subscription. Subscribing gets you various other benefits, although some, such as the 50GB of cloud storage, are only available for Windows computers. See whether it’s worth paying for in our Norton Security Deluxe for Mac review.
Kaspersky Internet Security
Kaspersky’s security suite includes basic protection as well as tools specifically designed to protect your files from ransomware and a bolstered web browser for banking. Like Norton, you can mix and match a Kaspersky multi-device Internet Security subscription between Windows and Macs. See if it’s worth the cost in our full Kaspersky Internet Security for Mac review.
Bitdefender Antivirus for Mac
It comes with phishing protection and a VPN for keeping your web browsing safe from prying eyes, but can this AV product take on its big-brand rivals? It’s performed well in our tests in previous years, so read our full Bitdefender Antivirus for Mac review to find out.
Free antivirus for Mac
AVG Antivirus for Mac (free)
If you don’t want extra features and also don’t fancy shelling out for yet another digital subscription, AVG Free might be the option for you. There are no frills, but it should deliver when it comes to basic protection, adding that last layer of defence for when all else fails. See how it fared in our antivirus lab test by reading the full AVG Antivirus for Mac review.
Avast Free Antivirus for Mac (free)
Avast and AVG are owned by the same company, so they should perform similarly in our tests. Included in the installation is Avast’s free password manager, which might come in handy if you’ve yet to set one up for yourself. Read our full Avast Free Antivirus for Mac review to see whether it’s a good free choice.
How we test antivirus
Our antivirus test lab is riddled with threats. It has set up dozens of computers in 40 countries around the world to act as ‘honeypots’ for millions of viruses. These honeypots capture viruses that are fresh into the wild and may have only existed for days. This makes the task for the security software very challenging, because many of them rely upon huge databases of so-called virus ‘definitions’ to tell whether or not a file is harmful.
Grabbing new threats means they will also have to rely on their own intuition – rather than simply checking a database – using more advanced techniques to decide if there’s a threat. We also use a mix of scenarios on both Windows and macOS, including viruses stored on USB sticks, and even malicious real-world phishing webpages designed to steal your data. Only the most secure software can fend off all these types of attacks effectively.
Malware can be more of a concern if you’re using an old phone. Read our guide on mobile phone security for more.