Mac and Linux system ransomware prevention

28 February 2018 by Michael Nuncic

Mac and Linux ransomware has been on the rise in recent years, with 146 new strains of destructive malware discovered in 2016. It is estimated that this earned cybercriminals a worldwide profit of around one billion dollars. By contrast, only 29 strains of ransomware were discovered in 2015.

Until recently, Windows users were the primary target for ransomware attacks, but hackers are now targeting Mac and Linux users as well. More recently, smartphones and tablets running Android or iOS have also become targets.

The reason for this is simple: the proportion of Apple and Linux-based computers is increasing, and who doesn't have a smartphone these days?

Traditionally, you would have felt quite safe as a Mac or Linux user; Windows users have always been plagued with a high risk of catching viruses, worms or Trojans, whereas Apple or UNIX systems (including smartphones) have enjoyed a low threat level when it comes to malware. But has that now all changed?

Mac is still more secure than Windows

Mac users are currently still far less vulnerable than Windows users, because the ransomware seen on the Mac so far requires manual involvement by the user to spread. However, it will certainly come to a point where attackers find a more efficient way of disseminating their malware, by which time macOS could be just as vulnerable as Windows.

The malware Patcher was recently discovered posing as an application for cracking popular software, but the program is quite crude. In fact, the code for communicating with the attacker's server to arrange ransom payment is often missing, which means you are left high and dry with all your data encrypted and no hope of getting it back by paying the ransom (although in every case it is advisable not to pay the ransom anyway).

A more dangerous strain is 'KeRanger', which attacked about 7,000 Macs in 2016, even hitting Time Machine backups. A quick intervention by Apple prevented the spread from getting any worse, but when one malware program is successful you can bet that there will be more right behind it.

Top tips for preventing Mac malware attacks

  • Store backups on a storage medium that is not connected to the internet or the network.
  • Be wary of downloading unlicensed software to your Mac.
  • Regularly update your device so that unpatched bugs do not accumulate.
  • Only download apps that are highly trusted.
  • Use long, unique passwords to keep information and data safe.
  • Review which accounts have "admin" rights on the device and limit them to those who genuinely need that level of access.
  • Use software that encrypts your Mac data, such as FileVault.

Increasing Linux ransomware risk

Ransomware is slowly becoming more of a problem on Linux systems. However, this malware has been noted as being very targeted, attacking high-profile financial institutions and critical infrastructure in Ukraine. Another problem here is that the decryption key generated by the program to unlock the data is not stored anywhere, which means that encrypted data cannot be unlocked whether the ransom is paid or not. Data can still sometimes be recovered by experts like Ontrack; however, timescales, difficulty and success rates depend on the exact situation and strain of ransomware.

The Linux counterpart to KeRanger is called 'Linux.Encoder'. This malicious program originally came from an open source ransomware project and is relatively easy to comprehend because of its half-baked programming. As a result, the chance of getting lost data back is high, for now. Again, the industry will need to deal with improved versions in the future, but at least for now the situation is still pretty relaxed.

Top tips for preventing Linux malware attacks

Here are our top tips and advice for protecting against Linux ransomware:

  • Back up files frequently, especially critical ones.
  • Use highly trusted anti-malware software that detects issues straight away and removes them.
  • Consider using a VPN to help encrypt your data in transit and make access to it harder for attackers.
  • Make use of Linux security extensions, such as the kernel's security features.
  • Use a strong password with multiple symbols and characters.

Smartphones are the top target

Almost everyone today has a smartphone, and on it often resides a variety of private and business data, which is a prime target for hackers to hold hostage.

However, infection with the malware does not happen automatically; the user of the phone must actively participate, for example by installing a contaminated app on the device. Even then, not everything is lost: putting a smartphone into 'safe mode' can help to uninstall rogue apps, or some specialist software tools can remove it for you. As a last resort you can even reset the phone to factory settings, which will 'delete' all data stored on the device.

Although the maker of the Android operating system (Google) reacts quite well to known malware problems, it may still take some time for device manufacturers to incorporate the updates into their own brand-specific versions of the operating system and then deliver them to their customers.

Apple vs. Android

Apple users rejoice: iPhones are better off. Previous reports of iPhone ransomware were not completely correct; in most cases they were just pseudo-ransomware attacks or simple error-message spam.

The reason for the much better performance compared to Android phones is, on the one hand, that Apple does not work with open source software and, on the other hand, that Apple reacts very quickly to possible problem areas and provides its customers with updates directly, without having to take the long route via external companies. However, even with Apple smartphones it is always possible that this could change in the future, leaving data at risk.

Therefore, it is recommended (as with all computers and devices that store data) to create frequent backups. If you have backed up properly, getting your data back might be as simple as wiping your device completely, performing a fresh install and then restoring your data from the backups.

Get help with malware attacks on Mac and Linux systems

If your backups did not work and you find your data attacked and encrypted by ransomware, you should contact a ransomware data recovery service provider like Ontrack immediately. Remember not to try out any DIY data recovery methods you might find on the internet, as they can often make the situation worse. It is much safer to shut down the affected device and contact a professional to understand exactly what your options are and the likely chances of a successful recovery.
