Protecting Macs Against Ransomware: Top Tips & Best Practices

Due to the ever-changing threat environment, Apple’s macOS is no longer immune to cyberattacks. Here’s a list of recommended measures businesses should take to keep their macOS devices safe from hackers.

August 30, 2022

A popular belief persists that macOS devices are safer than Windows-based ones, but the reality isn’t what Apple would like you to believe. Apple has done a great job embedding security protections into macOS, but today’s hackers are adept at sniffing out flaws or using a combination of tactics to infiltrate devices. Here are a few tips and best practices that macOS users should keep in mind to keep hackers at bay.

By 2031, according to Cybersecurity Ventures, ransomware operators will bill their victims an additional $265 billion yearly by continuing to improve their malware payloads and associated extortion schemes. The amount is calculated using a damage cost growth rate of 30% each year for the following ten years. While the average payment grew by 78%, the average ransomware demand rose by 144%. Therefore, it won’t be wrong to say that Apple’s macOS operating system is no longer resistant to cyber attacks due to increased complexity and fresh assaults every two seconds.


Rise of ransomware attacks on macOS

Threats against macOS increased by 60% in 2019 as cybercriminals sought to find new ways to uncover holes in the widely-used OS. Ever since, macOS has been the target of several assaults and a few ransomware operations, but there hasn’t been a significant breach as a result. According to Forbes, Mac malware beat Windows malware by a 2:1 margin in 2020. Then, in 2021, macOS-focused malware began to proliferate more widely, including ElectroRAT, XLoader, and Silver Sparrow. The popular desktop OS now faces increasing attacks, particularly ransomware, thanks to these new malware variants.

“There is still a lingering misperception that Macs are inherently more secure than Windows systems, because of the raw numbers of attacks,” said Willy Leichter, CMO, LogicHub. “That sentiment largely reflects the current market share, where Windows still dominates. Macs do have some security advantages, but these are becoming less significant because of two trends: malware is increasingly targeting browser plugins, not the underlying OS.” In addition, he says, malware developers are increasingly creating cross-platform applications independent of the operating system.

One of the most striking changes to the Mac threat landscape in 2021, according to Jaron Bradley, manager of macOS detections at Jamf, was the effort that threat actors invested into targeting Macs. He claims that this involved locating fresh zero-day vulnerabilities and using them to spread malware designed specifically for Macs. Bradley cites an instance of attackers using a zero-day bypass (CVE-2021-30713) in Apple’s Transparency Consent and Control (TCC) architecture to spread malware known as XCSSET.

According to Bradley, malware using zero-day bypasses shows that attackers are becoming more competent and educated about macOS. Additionally, it proves that they value spending time incorporating these known vulnerabilities into their tooling.

The State of the Channel: Ransomware Report from Datto states that MSPs have observed a growth in ransomware attacks on both macOS and iOS devices, equivalent to a 500% increase compared to the previous year. Ransomware is also becoming speedier at compromising the network and stealing data. Therefore, it is more important than ever to stop an attack as early as possible, ideally before it even begins.

While macOS-specific malware is growing, companies must adhere to a solid set of procedures to protect themselves from ransomware attacks.

Best Practices for Protecting Macs Against Ransomware Attacks

Use the proper prevention tools

Ignoring threats to your Mac, thinking you are protected from ransomware, is not the correct practice. Some security apps protect your device from ransomware attacks. We have listed some features for tools that safeguard your Mac from ransomware activities.

Features to look for in an excellent Mac ransomware protection tool:

  • Alerts: The tool should notify you whenever an unapproved app attempts to modify your device, so that you can deny or accept the modification.
  • Trust-in feature: Opt for tools that help you manage which apps can make changes to files and folders. You can configure each app according to how much you trust it.
  • Protection for USB devices: External devices can become infected with ransomware. Some security software will automatically safeguard them as well.

Some of the Mac ransomware tools are as follows:

  • Avast
  • Bitdefender
  • Acronis Cyber Protect Home Office
  • Trend Micro
  • Sophos Home
  • ClamXAV
  • Norton Antivirus
  • Kaspersky Cyber Security

Listen to Apple’s macOS user guide

Numerous features in macOS prevent malware from harming your Mac and confidential or personal data. Surprisingly, you can find malware frequently, even in trustworthy apps. However, you may lower the chances of danger by using software solely from reputable sources. Further, you can enhance your macOS security by following the security and privacy preference settings:

  • The first step is to choose System Preferences from the Apple menu on your Mac and then click Security & Privacy. Then select the General tab.
  • If the lock at the bottom left is locked, select it to unlock the preference pane.
  • Make sure you allow apps only from the Mac App Store, or from the App Store and identified developers.


Say no to pirated software

Software piracy can no doubt be called the main vector for spreading ransomware. The ransomware “ThiefQuest” (formerly known as “EvilQuest”) was found by Malwarebytes in a cracked version of Little Snitch’s installer in June 2020. Additionally, there were suspicions that the virus was present in unauthorized copies of DJ tools like Ableton Live and Mixed in Key 8.

After being initially posted to a Russian site for the exchange of cracked software, these installers propagated through BitTorrent. The Pirate Bay and other “popular” trackers keep tabs on these torrents, which are widely disseminated. You don’t necessarily need to scour the internet for dubious forums to come across any potentially malicious installers.

Piracy creates a very real risk of corrupting your system with malware due to the frequency with which hackers alter installation files or include extra updates intended to break the disputed software. People rarely understand what they will get from a torrent, even if it looks to be authentic or was posted by a known/mainstream group.

Be cautious if you don’t identify the origins of any software that peers or colleagues are passing around. While installing pricey software for free may be alluring, doing so might cost you far more than the licensing fee.

Have a bulletproof backup plan

Backups are a gold mine for firms that drive data. Your Mac’s built-in Time Machine backup tool may regularly back up your personal information, including applications, audio, photographs, emails, and files. You can restore deleted or inaccessible files if you have a backup. 

You should also set up a remote network backup just in case a fire or other disaster decimates your PC and the Time Machine disc. To combat ransomware, backups are significantly more crucial. Then again, there are some rules to keep in mind. Time Machine should first be unplugged anytime it is not in use. Before the launch of macOS Catalina, apps could access most of your system disc and any associated hard drives. Catalina has walked back much of it, but attackers may still breach such measures. It has been amply demonstrated in the past that malware may evade Gatekeeper and System Integrity Protection. Several more considerations to bear in mind are as follows:

  • Ensure you are ready for the worst. Disable your Time Machine drive once your backup is complete.
  • Even better is to avoid installing or upgrading software while creating a backup. If your backup disc is regularly connected to the network or through a storage array, you can unmount it while not in use. Right-click the menu bar to choose “Unmount” from your desktop.
  • If your Mac is corrupted and you have a backup available, you may clean everything, reinstall macOS, and recover your files. However, your backup device may potentially be taken hostage if your Mac is compromised and mounted. The risk is heightened if you’re still on a macOS version before Catalina.
  • You may avoid this problem by using a cloud-based backup solution. Select a vendor that offers version control so you may roll back to any unencrypted versions of your data in the event of the unexpected.
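
The advice above to keep the Time Machine drive detached whenever no backup is running can be scripted. The following is an added example, not part of the original article: it assumes the stock macOS tools `tmutil` and `diskutil`, the destination name and ID in the sample are constructed, and on recent macOS versions `tmutil` may require Full Disk Access for the terminal.

```shell
#!/bin/sh
# Added example: detach Time Machine volumes once no backup is running.

# Constructed sample of `tmutil destinationinfo` output (name and ID are made up).
SAMPLE_DESTINFO='====================================================
Name          : Office Backup
Kind          : Local
Mount Point   : /Volumes/Office Backup
ID            : 00000000-0000-0000-0000-000000000000'

# Print the mount point of every currently mounted backup destination.
# Reads `tmutil destinationinfo` text on stdin; a destination that is
# not mounted has no "Mount Point" line and is therefore skipped.
tm_mount_points() {
    sed -n 's/^Mount Point[[:space:]]*:[[:space:]]*//p'
}

# Return 0 if `tmutil status` text on stdin reports a backup in progress.
tm_backup_running() {
    grep -q 'Running = 1;'
}

# Unmount each mounted destination, but never interrupt a running backup.
tm_detach_idle() {
    if tmutil status | tm_backup_running; then
        echo "backup in progress, leaving destination mounted" >&2
        return 1
    fi
    tmutil destinationinfo | tm_mount_points | while IFS= read -r mp; do
        if [ -n "$mp" ]; then
            diskutil unmount "$mp"
        fi
    done
}

# Only act on a Mac where tmutil is available.
if command -v tmutil >/dev/null 2>&1; then
    tm_detach_idle
fi
```

Run it after each backup completes, or on a schedule; while the volume is unmounted, a process that encrypts mounted disks has no path to the backup.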

Keep the apps up-to-date

Every individual software app will eventually need to be updated to allow a new feature, secure against a discovered vulnerability, and/or ensure compatibility with a newer OS. These updates are equally critical to your system as OS updates because they enable the corresponding apps to offer the most recent security and protection to your system, its operating processes, and, most crucially, how it manages your data.

In addition to other advantages, Apple Remote Desktop is a fantastic tool that can be used to push software updates, replace old packages, or even remotely run commands and scripts in a 1:1 or 1:many scenario. Some third-party packages are accessible to push or deliver bug repair, allowing it to function in a web-based environment (like MDM). In contrast, others necessitate a physical command & control server.

Ojasvi Nath

Assistant Editor, Spiceworks Ziff Davis

Ojasvi Nath is Assistant Editor for Toolbox and covers varied aspects of technology. With a demonstrated history of working as a business writer, she has now switched her interest to technology and handles a broad range of topics from cybersecurity, cloud, AI, emerging tech innovation to hardware. Being a philomath, Ojasvi thinks knowledge is like a Pierian spring. The more you dive in, the more you learn. You can reach out to her at ojasvi.nath@swzd.com