New Mac ransomware spreading through piracy

390 points by 1915cb1f almost 5 years ago

19 comments

b212 almost 5 years ago
Apple puts so much pressure on security, shouldn't it be possible to block ransomware somehow on the OS level, possibly on all platforms?

I mean not many apps need to modify millions of files on all drives including network drives and dongles... It should be fairly easy to spot, something like:

1. If xxx wants to modify more than 50 files in 24 hours go to 2.

2. If some of the files were modified more than a week ago or if the files are in directories across multiple drives go to 3.

3. If some of the files are images/documents it's a no go, prompt user to accept and list the affected files.

I'd love something like this for my Synology, it's connected to my Macbook as a network drive and I store my backups there, if anything modifies these files without my knowledge I'm doomed. I need to access some of my backups on a daily basis so it's kinda hard to disconnect the drive all the time :/
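Added example, not part of b212's comment and not code from any product mentioned in the thread: the three-step rule proposed above, applied to constructed write events. The `Write` record, the extension list, and the reading of step 2 as "the file's previous modification time is more than a week before the write" are assumptions.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath

DAY, WEEK = 86_400, 7 * 86_400
# Assumed set of "images/documents" extensions; the comment names no list.
USER_DATA = {".jpg", ".png", ".heic", ".pdf", ".docx", ".xlsx"}

@dataclass(frozen=True)
class Write:
    proc: str          # writing process
    path: str          # file being modified
    volume: str        # mount point the file lives on
    when: int          # epoch seconds of this write
    prev_mtime: int    # file's mtime before this write

def files_to_confirm(events, proc, now, limit=50):
    """Apply the three steps to one process; return the image/document
    paths the user should be asked about, or [] to let the writes through."""
    first = {}
    for e in sorted(events, key=lambda e: e.when):
        if e.proc == proc and 0 <= now - e.when <= DAY:
            first.setdefault(e.path, e)   # first write still sees the old mtime
    if len(first) <= limit:                                   # step 1
        return []
    stale = any(e.when - e.prev_mtime > WEEK for e in first.values())
    volumes = {e.volume for e in first.values()}
    if not stale and len(volumes) < 2:                        # step 2
        return []
    return sorted(p for p in first                            # step 3
                  if PurePosixPath(p).suffix.lower() in USER_DATA)

def sample_events(now):
    """Constructed events: a build tool writing fresh files, and an
    installer rewriting month-old photos and backups on two volumes."""
    build = [Write("build-tool", f"/Users/me/src/obj/{i}.o", "/", now - 60, now - 120)
             for i in range(200)]
    month = now - 30 * DAY
    photos = [Write("installer", f"/Users/me/Pictures/{i}.jpg", "/", now - 30, month)
              for i in range(40)]
    backups = [Write("installer", f"/Volumes/nas/backup/{i}.pdf", "/Volumes/nas",
                     now - 20, month) for i in range(20)]
    return build + photos + backups

if __name__ == "__main__":
    now = 1_600_000_000
    ev = sample_events(now)
    print(len(files_to_confirm(ev, "installer", now)), "files need confirmation")
    print(files_to_confirm(ev, "build-tool", now))
```

The build tool passes step 1 with 200 writes but stops at step 2 because every file it touches is fresh and on one volume, which is the case that keeps the rule from prompting on ordinary compile or install activity.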
peterburkimsher almost 5 years ago
Has anyone tested whether this can be detected with RansomWhere? https://objective-see.com/products/ransomwhere.html

It's a program that warns me whenever programs are locking files. In practice it's a minor annoyance when using brew or pip. Similarly, Oversight tells me when my camera and mic are being used. https://objective-see.com/products/oversight.html It's a minor annoyance whenever I have a video call and plug in a microphone. But it's "for my protection", and sometimes can be useful to know whether it's really my sound settings that are the problem, or that my headphones are unplugged. These two also seem more trustworthy than anti-virus for Mac, because they don't claim to keep me safe, just warn me when there's a problem.
cpach almost 5 years ago
I don’t understand how people dare to run executables downloaded from a pirate site...
Jerry2 almost 5 years ago
Play stupid games, win stupid prizes.

If you cannot afford Little Snitch or don't want to pay for it or just prefer open source, install LuLu. It's a free and open source alternative to LS application firewall. [1] You can install it through Homebrew or download binaries manually [2].

[1] https://github.com/objective-see/LuLu

[2] https://objective-see.com/products/lulu.html
nisten almost 5 years ago
I really appreciate you reporting this, and understand that it's too late now but you should try to keep your source anonymous in cases like this in case they get bad publicity where they live.
Wowfunhappy almost 5 years ago
They only want $50 to decrypt the files?

I wonder if they actually decrypt the files for that amount or if they demand more. I keep backups, but if I somehow got hit by this, I think I'd pay the $50 to avoid losing the few days of work. (I'd have a bit of an ethical quandary about it, but I'd still probably do it if I'm being quite honest.)
hedora almost 5 years ago
Someone emailed me my password from two decades ago, and said they were going to ransomware my box, but that my porn habits were so uniquely interesting they just had to make a collage including screenshots and pics from my webcam (in the attached pdf, presumably). They’ll delete it for $1500 BTC, which is really a steal if you think about it.

Is there a chatbot I can point at this chucklehead?

> I really want to pay you BTC, but my computer says bit torrent was made by an unverified developer. I called my bank, and they said to ask what other ways you can accept payment. Do you know what a “Wire Transfer” is? We’re saving up for our first house, so I have the money and Ashley won’t miss it. Is $2000 OK? Please please please don’t out me!!!

And then I want it to send a dozen more of these until the scammer gives up or sends it bank account info.
jiux almost 5 years ago
Riddle me this:

I wonder what ROI would look like in comparison if the schemers targeted $49.98.
crobertsbmw almost 5 years ago
It sounds like whoever wrote this malware is just as crappy a programmer as I am. Reassuring, I guess.
Shared404 almost 5 years ago
> However, Chrome will see that the files have been modified, and will replace the modified files with clean copies as soon as it runs, so it’s unclear what the purpose here is.

The programs mentioned run in background almost continuously, right? If the malware modifies these, couldn't they execute it themselves so they could have a non-suspicious looking process?
numbsafari almost 5 years ago
Admins should fix the link title. It should read "New Mac ransomware spreading through stupidity".

Installing pirated software you find "on the internet" in 2020 is the equivalent of spending a few hours in a confined space full of other people, none of them wearing masks. Don't be surprised when you get sick.
sys_64738 almost 5 years ago
Couldn't you run the Mac equivalent of a Windows Sandbox to restrict access if you had concerns about an app?
pgt almost 5 years ago
It seems to me that the way to solve the encryption ransomware problem is to impose an immutable file system at the OS level + undo for X time and to ask for permission to write files outside a regular folder, just like microphone or screen share access.
qwerty456127 almost 5 years ago
> Worse, the installer package was pointlessly distributed inside a disk image file.

Pirate torrent tracker forum rules often demand every single Mac app uploaded must be encapsulated in a DMG disk image file.
JaggerJo almost 5 years ago
Thumbs up. Pay for your damn software.
aronpye almost 5 years ago
You tend to get what you pay for.
margorp2019 almost 5 years ago
just try
fortran77 almost 5 years ago
Why are these people trying to steal "Little Snitch" software? That's not right, either. There are no clean hands here.
varelaz almost 5 years ago
Viruses & malware are the price of software piracy. If you don't have money to pay for the soft, you need to be ready to be infected with all possible consequences. It was obvious decades ago when piracy became a business. I understood piracy 10-15 years ago when price of the soft was too high for Russia compared to the US. Right now most everything is subscription based and you pay only if you get enough from it, and usually regional prices are pretty sane.