Apple users, beware! A new ransomware variant, macOS.NotLockBit, is extending a ransomware landscape traditionally dominated by Windows and Linux threats to macOS systems. Experts from Trend Micro and SentinelLabs have identified this malware as sophisticated ransomware capable of file encryption and data exfiltration.
Named after the infamous LockBit ransomware, this variant exploits vulnerabilities in both Intel-based and Apple silicon Macs running Rosetta emulation. It encrypts files, renames them with an “.abcd” extension, and demands ransom payments via a README.txt file left in affected directories. More concerningly, it exfiltrates data to remote servers, leveraging AWS S3 storage with embedded credentials—a move indicating advanced attacker strategies.
Although macOS’s built-in protections, such as Transparency, Consent, and Control (TCC), provide some defense, experts warn that these safeguards might not remain impenetrable against evolving malware techniques. This is a stark reminder that Apple’s ecosystem, long considered a fortress, is not immune to sophisticated cyberattacks.
The good news? No confirmed victims have been reported yet. However, as the ransomware evolves—adding features like obfuscated code and compatibility with the latest macOS Sonoma—staying vigilant is critical.
Keep your systems updated, utilize robust security solutions, and back up data regularly. Cyber resilience is your best defense against these emerging threats!
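The on-disk pattern described above (files renamed with an ".abcd" extension next to a README.txt) can be checked for during triage. The sketch below is an added example, not code from Trend Micro, SentinelLabs or the malware's authors; the `MIN_HITS` threshold, the function names and the sample directory tree are assumptions made for illustration.

```python
import os
import tempfile

ENCRYPTED_SUFFIX = ".abcd"  # extension the article says renamed files carry
NOTE_NAME = "README.txt"    # ransom note name the article gives
MIN_HITS = 3                # assumption: tuning threshold, not from the article


def scan(root, min_hits=MIN_HITS):
    """Map each directory under root that holds the note beside at least
    min_hits suffixed files to (suffixed_count, share_of_other_files)."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        if NOTE_NAME not in files:
            continue  # suffix alone is weak evidence; require the note too
        others = [f for f in files if f != NOTE_NAME]
        hits = [f for f in others if f.lower().endswith(ENCRYPTED_SUFFIX)]
        if len(hits) >= min_hits:
            findings[dirpath] = (len(hits), len(hits) / len(others))
    return findings


def build_sample_tree(base):
    """Constructed sample: one directory matching the pattern, two benign."""
    layout = {
        "Documents": ["README.txt", "q1.xlsx.abcd", "q2.xlsx.abcd",
                      "plan.docx.abcd", "notes.md"],
        "project": ["README.txt", "main.c", "Makefile"],  # note name only
        "misc": ["legacy.abcd"],                           # suffix only
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in names:
            with open(os.path.join(base, folder, name), "w") as fh:
                fh.write("constructed sample\n")
    return os.path.join(base, "Documents")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, (count, share) in scan(tmp).items():
            print(f"{path}: {count} files with {ENCRYPTED_SUFFIX} "
                  f"({share:.0%} of directory), {NOTE_NAME} present")
```

Requiring both indicators in the same directory keeps ordinary project folders, which often contain a README.txt, out of the results.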