Read on Twitter
New Blog Post:
"The LockBit ransomware (kinda) comes for macOS": objective-see.org/blog/blog_0x75โฆ ๐๐
Includes full technical analysis of LockBit's macOS arm64 variant ("locker_Apple_M1_64") + sample for download + heuristic methods of detection ๐ฅ
H/T @malwrhunterteam @vxunderground
"The LockBit ransomware (kinda) comes for macOS": objective-see.org/blog/blog_0x75โฆ ๐๐
Includes full technical analysis of LockBit's macOS arm64 variant ("locker_Apple_M1_64") + sample for download + heuristic methods of detection ๐ฅ
H/T @malwrhunterteam @vxunderground
First, (can't stress this enough), this variant though *compiled* for macOS is not specifically designed for macOS.
It's buggy (crashes), has an invalid signature, nor takes into account as of macOS's file-system security mechanisms.
So, impact to macOS users (for now): 0
It's buggy (crashes), has an invalid signature, nor takes into account as of macOS's file-system security mechanisms.
So, impact to macOS users (for now): 0
Still as noted by others, the fact that a large ransomware gang (LockBit) has apparently set its sights on macOS, should give us all pause for concern.
So, wise to dig into this (test?) sample & gain a throughout understanding of its capabilities and approaches ๐พ๐ฌ๐ฉ๐ผโ๐ซ
So, wise to dig into this (test?) sample & gain a throughout understanding of its capabilities and approaches ๐พ๐ฌ๐ฉ๐ผโ๐ซ
And what about detection/protection?
Back in 2016 I published a blog titled "Towards Generic Ransomware Detection": objective-see.org/blog/blog_0x0Fโฆ
...musing that maybe we could generically detect ransomware by observing the rapid creation of encrypted files by untrusted processed ๐ค
Back in 2016 I published a blog titled "Towards Generic Ransomware Detection": objective-see.org/blog/blog_0x0Fโฆ
...musing that maybe we could generically detect ransomware by observing the rapid creation of encrypted files by untrusted processed ๐ค
I implemented this approach in a free open-source tool called "RansomWhere?" (objective-see.org/products/ransoโฆ)
And though its a bit dated (+needs some TLC), the tool had no problem generically detecting & stopping LockBit's ransomware ...even with no a priori knowledge of this threat ๐ฅฐ
And though its a bit dated (+needs some TLC), the tool had no problem generically detecting & stopping LockBit's ransomware ...even with no a priori knowledge of this threat ๐ฅฐ
โข โข โข
Missing some Tweet in this thread? You can try to
force a refresh
ใ
