LockBit ransomware is targeting Macs for the first time

Ransomware attack on a computer
(Image credit: Kaspersky)

One of the most infamous ransomware strains, LockBit, has reportedly been spotted infecting Apple Mac devices for the first time, ever. 

Cybersecurity researchers from the MalwareHunterTeam tweeted about finding “locker_Apple_M1_64” - “the first Apple's Mac devices targeting build of LockBit ransomware sample seen”. What’s more, the researchers believe this might be the first time a “big name” gang targeted a Mac.

While targeting M1-powered devices might make headlines, 9To5Mac also says that a LockBit ransomware build is also “showing up for PowerPC Macs”, as well.

LockBit is currently one of the most widely-used ransomware variants around today. Its creators are offering the locker as a service (Ransomware-as-a-Service, or RaaS), allowing different hacking groups to use the tool for a fee. 

Among its more recent victims is the space exploration company, SpaceX. In mid-March, hackers said to have breached one of the company’s suppliers, and through them, obtained SpaceX’s sensitive data, including thousands of drawings certified by SpaceX engineers.

On one occasion, one of LockBit’s affiliates also targeted SickKids, the Hospital for Sick Children. SickKids is a major pediatric teaching hospital located on University Avenue in Toronto, Canada, and Affiliated with the Faculty of Medicine of the University of Toronto. The group was later excommunicated by LockBit’s creators, who also issued an apology and released a free decryptor. 

The group was first discovered roughly three years ago, and is believed to be operating either out of the United States, or out of China. Most members of the groups are speaking Russian, however. 

So far, ransomware attacks were contained to mostly Windows devices, with an occasional expedition into Linux. The Apple ecosystem was mostly perceived as safe from ransomware, until now. Whether or not this LockBit variant motivates more threat actors to start targeting Mac endpoints, remains to be seen. 

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.