• Ransomware

    From gtr@xxx@yyy.zzz to comp.sys.mac.system on Saturday, July 10, 2021 12:41:52
    From Newsgroup: comp.sys.mac.system

    Whether the result of a computer virus or malware affixed to a well-intentioned software/update, have there been any successful
    ransomware attacks on an Apple computer?

    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From TimS@timstreater@greenbee.net to comp.sys.mac.system on Saturday, July 10, 2021 21:53:50

    On 10 Jul 2021 at 20:41:52 BST, gtr <xxx@yyy.zzz> wrote:

    > Whether the result of a computer virus or malware affixed to a well-intentioned software/update, have there been any successful
    > ransomware attacks on an Apple computer?

    Well that's a good question. And I have to wonder why all these companies continue to use such compromisable infrastructure. What software systems are
    so important that they have to? What is Kaseya and the like providing that these folk can’t do without? Are these apparently indispensable systems only available if you're a Windows user?

    --
    Tim
  • From Wolffan@akwolffan@zoho.com to comp.sys.mac.system on Saturday, July 10, 2021 19:28:59

    On 2021 Jul 10, gtr wrote
    (in article <scct5v$160$1@dont-email.me>):

    > Whether the result of a computer virus or malware affixed to a well-intentioned software/update, have there been any successful
    > ransomware attacks on an Apple computer?

    Yes. Starting with the fake FBI ‘virus’, there were a number of ransomware-like attacks. Most/all of them required that the user download a trojan of some kind. It might have been a ‘click here’ item on an email, it might have been a fake installer (fake Adobe Flash and Reader installers were particularly popular), it might have been something else. It’d freeze your system unless you paid up, or encrypt everything, or both.

    The number of attacks, and the number of different attack malware, was far less than the attacks on Windows.

  • From gtr@xxx@yyy.zzz to comp.sys.mac.system on Saturday, July 10, 2021 22:33:58

    On 2021-07-10 23:28:59 +0000, Wolffan said:

    > On 2021 Jul 10, gtr wrote
    > (in article <scct5v$160$1@dont-email.me>):
    >
    >> Whether the result of a computer virus or malware affixed to a
    >> well-intentioned software/update, have there been any successful
    >> ransomware attacks on an Apple computer?
    >
    > Yes. Starting with the fake FBI ‘virus’, there were a number of ransomware-like attacks. Most/all of them required that the user download a trojan of some kind. It might have been a ‘click here’ item on an email, it might have been a fake installer (fake Adobe Flash and Reader installers were particularly popular), it might have been something else. It’d freeze your system unless you paid up, or encrypt everything, or both.
    >
    > The number of attacks, and the number of different attack malware, was far less than the attacks on Windows.

    Were any of the "ransomware-like attacks" actual ransomware where one
    had to pay a ransom to restore their system? If so what was it named
    and when did it happen? Did Apple come with a way to deal with it?

    I know that Adobe scams were popular malware vessels, but I never heard
    of one cited as *ransomware*, the main point of my question.

  • From Your Name@YourName@YourISP.com to comp.sys.mac.system on Sunday, July 11, 2021 18:08:41

    On 2021-07-11 05:33:58 +0000, gtr said:
    > On 2021-07-10 23:28:59 +0000, Wolffan said:
    >> On 2021 Jul 10, gtr wrote
    >> (in article <scct5v$160$1@dont-email.me>):
    >>
    >>> Whether the result of a computer virus or malware affixed to a
    >>> well-intentioned software/update, have there been any successful
    >>> ransomware attacks on an Apple computer?
    >>
    >> Yes. Starting with the fake FBI 'virus', there were a number of
    >> ransomware-like attacks. Most/all of them required that the user download a
    >> trojan of some kind. It might have been a 'click here' item on an email,
    >> it might have been a fake installer (fake Adobe Flash and Reader installers
    >> were particularly popular), it might have been something else. It'd freeze
    >> your system unless you paid up, or encrypt everything, or both.
    >>
    >> The number of attacks, and the number of different attack malware, was far
    >> less than the attacks on Windows.
    >
    > Were any of the "ransomware-like attacks" actual ransomware where one
    > had to pay a ransom to restore their system? If so what was it named
    > and when did it happen? Did Apple come with a way to deal with it?
    >
    > I know that Adobe scams were popular malware vessels, but I never heard
    > of one cited as *ransomware*, the main point of my question.

    Despite numerous media scare stories (almost all supplied by the
    anti-malware makers "discovering a new threat") and know-nothing
    anti-Apple trolls, there isn't really any actual real world proof of
    malware on macOS affecting anyone. If you're stupid enough to download
    and install pirated software or visit porn websites, then you might get
    some malware, but even that is unlikely.

  • From Lewis@g.kreme@kreme.dont-email.me to comp.sys.mac.system on Sunday, July 11, 2021 09:24:40

    In message <ikuj7dF6gl7U1@mid.individual.net> TimS <timstreater@greenbee.net> wrote:
    > On 10 Jul 2021 at 20:41:52 BST, gtr <xxx@yyy.zzz> wrote:
    >
    >> Whether the result of a computer virus or malware affixed to a
    >> well-intentioned software/update, have there been any successful
    >> ransomware attacks on an Apple computer?
    >
    > Well that's a good question. And I have to wonder why all these companies continue to use such compromisable infrastructure. What software systems are so important that they have to? What is Kaseya and the like providing that these folk can’t do without? Are these apparently indispensable systems only
    > available if you're a Windows user?

    Ransomware affects linux systems as well, even though the infection
    vector is via Windows.

    On a Mac it's certainly possible for something to encrypt YOUR files,
    but it is not possible for it to encrypt the Time Machine backups or the system, so all you have to do is restore your files from TM and you are
    right back in business. Makes it less than efficient to write Mac
    versions of ransomware when there's no reason for anyone, ever, to pay
    the ransom unless they are so foolish as to not have Time Machine
    backups as part of their backups, but what dimbulb moron would do that?

    --
    On the other hand, you have different fingers.
  • From Wolffan@akwolffan@zoho.com to comp.sys.mac.system on Sunday, July 11, 2021 05:35:21

    On 2021 Jul 11, gtr wrote
    (in article <scdvs6$hp9$1@dont-email.me>):

    > On 2021-07-10 23:28:59 +0000, Wolffan said:
    >
    >> On 2021 Jul 10, gtr wrote
    >> (in article <scct5v$160$1@dont-email.me>):
    >>
    >>> Whether the result of a computer virus or malware affixed to a well-intentioned software/update, have there been any successful ransomware attacks on an Apple computer?
    >>
    >> Yes. Starting with the fake FBI ‘virus’, there were a number of ransomware-like attacks. Most/all of them required that the user download a
    >> trojan of some kind. It might have been a ‘click here’ item on an email,
    >> it might have been a fake installer (fake Adobe Flash and Reader installers were particularly popular), it might have been something else. It’d freeze
    >> your system unless you paid up, or encrypt everything, or both.
    >>
    >> The number of attacks, and the number of different attack malware, was far less than the attacks on Windows.
    >
    > Were any of the "ransomware-like attacks" actual ransomware where one
    > had to pay a ransom to restore their system? If so what was it named
    > and when did it happen? Did Apple come with a way to deal with it?
    >
    > I know that Adobe scams were popular malware vessels, but I never heard
    > of one cited as *ransomware*, the main point of my question.

    I rescued several people’s machines after variants of the fake FBI ‘virus’ (really a trojan that they had, unwisely, downloaded and installed, usually a fake Flash installer) locked their systems and demanded $300 to $500 to unlock. (I rescued one guy twice. Even after being burned
    once he fell for a variant on the same trojan again. “Macs don’t get viruses”, he said. “It ain’t a virus, it’s a trojan, almost all Mac malware are trojans,” I said. “Get Adobe updaters from Adobe, not random places on the internet, and especially not porn sites, and yes I know that
    you got this one from a porn site, I even know which site, it left all kinds of crap all over.” For some reason he never contacted me again. How sad.)
    It wasn’t “gimme some bitcoin or you’ll never see your files again” ransomware, it was “We’re the Feds, we found kiddie porn on your machine (no, there wasn’t any, I checked) and we’re fining you $300, pay using a Green Dot Visa card obtained from one of these fine sources, your files are locked until you pay up” malware. I think that that’s close enough to ransomware. This kind of crap was sufficiently common (mostly on Windows, of course) that the Feds put up a page to address the problem, pointing out that they don’t fine people for kiddie porn, they arrest them. https://www.fbi.gov/news/stories/new-internet-scam (note the datestamp on
    that page... note that the Feds call it ransomware...) There were many guides to killing the scam, some of which actually worked.

    I haven’t seen any of these attacks in years, apparently getting right up
    in the FBI’s face is not a good long-term survival strategy, (who knew?)
    and so all the would-be smart boys are gone now.

  • From Percival John Hackworth@pjh@nanoworks.com to comp.sys.mac.system on Sunday, July 11, 2021 12:05:29

    On 10-Jul-2021 at 10:33:58PM PDT, "gtr" <xxx@yyy.zzz> wrote:

    > On 2021-07-10 23:28:59 +0000, Wolffan said:
    >
    >> On 2021 Jul 10, gtr wrote
    >> (in article <scct5v$160$1@dont-email.me>):
    >>
    >>> Whether the result of a computer virus or malware affixed to a
    >>> well-intentioned software/update, have there been any successful
    >>> ransomware attacks on an Apple computer?
    >>
    >> Yes. Starting with the fake FBI ‘virus’, there were a number of
    >> ransomware-like attacks. Most/all of them required that the user download a
    >> trojan of some kind. It might have been a ‘click here’ item on an email,
    >> it might have been a fake installer (fake Adobe Flash and Reader installers
    >> were particularly popular), it might have been something else. It’d freeze
    >> your system unless you paid up, or encrypt everything, or both.
    >>
    >> The number of attacks, and the number of different attack malware, was far
    >> less than the attacks on Windows.
    >
    > Were any of the "ransomware-like attacks" actual ransomware where one
    > had to pay a ransom to restore their system? If so what was it named
    > and when did it happen? Did Apple come with a way to deal with it?
    >
    > I know that Adobe scams were popular malware vessels, but I never heard
    > of one cited as *ransomware*, the main point of my question.

    I had an engineer bring their Mac laptop to me to install Office some years ago. It had adware installed on it which would monitor web usage and inject ads for MacKeeper randomly. It was fine when I'd installed something else the prior week.

    I asked him what he'd installed on it recently. "I installed Steam so I could play some games over the weekend."

    The CEO told me to confiscate the Mac and re-image it. I kept a USB stick with the current MacOS install for just this purpose. He lost everything on that machine he hadn't saved to his home directory on the file servers.

    I made an example of him, mentioning his faux pas to whomever whenever he'd come to my cube for something. People stopped installing that stuff on their systems.

    The CEO's admin, who ran a Windows 8 laptop, was another matter. I kept
    several tools to rip out Malware from her PC regularly. I was so close to disabling IE and replacing it with Chrome, but she learned her lesson and stopped clicking on random stuff.
    --
    DeeDee, don't press that button! DeeDee! NO! Dee...
  • From nospam@nospam@nospam.invalid to comp.sys.mac.system on Sunday, July 11, 2021 09:18:35

    In article <sce1t8$rgv$1@gioia.aioe.org>, Your Name
    <YourName@YourISP.com> wrote:

    > Despite numerous media scare stories (almost all supplied by the anti-malware makers "discovering a new threat") and know-nothing
    > anti-Apple trolls, there isn't really any actual real world proof of
    > malware on macOS affecting anyone.

    yes there is. it's not much, but it's definitely not zero.

    > If you're stupid enough to download
    > and install pirated software or visit porn websites, then you might get
    > some malware, but even that is unlikely.

    false.
  • From Alan Browne@bitbucket@blackhole.com to comp.sys.mac.system on Sunday, July 11, 2021 09:51:56

    On 2021-07-10 15:41, gtr wrote:
    > Whether the result of a computer virus or malware affixed to a well-intentioned software/update, have there been any successful
    > ransomware attacks on an Apple computer?

    If companies had proper IT infrastructure, training for staff, data
    backups separate from applications backups; separate again for OS.

    Thence a disaster recovery plan. (this is the key).

    There would be no ransomware attacks. Companies would simply wipe their drives (or replace them), re-install and re-start. Hours to a day or 2 depending on the size of the co. to get critical functions up and running.

    But it would appear that it's cheaper to negotiate down the ransom
    amount (Colonial) over a few days and then paying off to get things
    going again than to practice comprehensive IT security...

    BTW: financial companies (big) have some of the best IT out there. They invest heavily in the ability to be up and running quickly after any
    sort of disaster imaginable. This is not cheap at all as it involves mirroring in near real time. That's not for every co.

    A company doesn't need that level of recovery, but they need far better
    than what the null brains at Colonial had.

    When a co. is in a strategic national economic position such as
    Colonial, there should be standards for recovery.

    --
    "...there are many humorous things in this world; among them the white
    man's notion that he is less savage than the other savages."
    -Samuel Clemens
  • From Wolffan@akwolffan@zoho.com to comp.sys.mac.system on Sunday, July 11, 2021 11:40:58

    On 2021 Jul 11, Alan Browne wrote
    (in article <0ICGI.11153$VU3.5129@fx46.iad>):

    > On 2021-07-10 15:41, gtr wrote:
    >> Whether the result of a computer virus or malware affixed to a well-intentioned software/update, have there been any successful ransomware attacks on an Apple computer?
    >
    > If companies had proper IT infrastructure, training for staff, data
    > backups separate from applications backups; separate again for OS.
    >
    > Thence a disaster recovery plan. (this is the key).
    >
    > There would be no ransomware attacks. Companies would simply wipe their drives (or replace them), re-install and re-start. Hours to a day or 2 depending on the size of the co. to get critical functions up and running.

    It’s not quite that simple.

    1. A large company might have tens of terabytes, even hundreds of TB, of data. Buying the storage is not the problem. Even buying triple the storage, to have _two_ complete backups, is not the problem. Restoring the entire company suite is the problem. That takes time. Even if you simply grab drives from the backup set and use them to replace drives in the active set, it still takes time.

    2. Backups, by themselves, are not the solution. Several ransomware variants deliberately aim at backups, so that the backups are also contaminated. Extra software, to check the backups and ensure that they’re good, would be required... and that’s not cheap. And it slows down both backup and restore.

    3. You mentioned training for the staff. This is absolutely critical. Last I looked, 93% of ransomware attacks got in thanks to human error: social engineering attacks, most often phishing or pharming, or the ever-popular ‘click me’ attacks. Ransomware would be far less of a menace if only staff wouldn’t fall victim to these kinds of attacks. The problem is that it only takes one guy to make one mistake, and the bad guys are in. Right now MS is fighting PrintNightmare, an attack using the print spool services on Windows as of Vista (MS isn’t patching Vista, though the patches for Win 7 might work there. MS is patching 7. Last I looked there were three different patches out, because there were problems with the first two. Good luck keeping track.) and PrintNightmare can allow all kinds of attacks. A good way to stop PrintNightmare is to disable printing on Windows. Unfortunately companies who depend on print services (like, oh, the one I work for) have a major problem doing that. Right now we’re printing from Macs and Linux only, but that can’t go on. If there isn’t a fix, soon, the solution will be to dump Windows entirely, and that will cause serious problems right there.

    4. Also critical is better software. Software to detect inbound ransomware and kill it before it gets near the network. Software to monitor live files, and backups, looking for unauthorized actions, including but not limited to files being encrypted. Software blocking unauth inbound, and especially, outbound, network activity. Yes, such software exists. However, it needs to be faster, easier to use, cheaper, and, especially, it needs to be actually used. Until I insisted, certain defensive systems at the company had been turned off last year, as they made life interesting for those working from home, which was most of us. I finally got all systems turned back on, even if Zoom hated them. (Zoom hated them. MS Teams did not. We moved to (ugh) Teams.) There’s no point having the defenses and not using them...


    > But it would appear that it's cheaper to negotiate down the ransom
    > amount (Colonial) over a few days and then paying off to get things
    > going again than to practice comprehensive IT security...

    It depends on (among other things) how long it would take to make the
    restore. If it’ll take five days (the last time we ran a full test of the restore plan it took 125.7 hours from go, with teams running around the
    clock, to fully restore everything. Remember, you don’t have a backup if
    you can’t make a full restore.) Given how much money we’d lose per hour, if paying the bastards got the data back for less than we’d lose over 126 hours, we’d pay. If the bastards priced themselves too high, we’d recover the data from backups.

    > BTW: financial companies (big) have some of the best IT out there. They invest heavily in the ability to be up and running quickly after any
    > sort of disaster imaginable. This is not cheap at all as it involves mirroring in near real time. That's not for every co.

    I once proposed getting serious backup systems, especially faster systems. Management nearly had heart failure when they saw how much it would cost.


    > A company doesn't need that level of recovery, but they need far better
    > than what the null brains at Colonial had.
    >
    > When a co. is in a strategic national economic position such as
    > Colonial, there should be standards for recovery.

    And a whole lot more.

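Wolffan's points 2 and 4 above (backups that get contaminated along with the live data, and software that watches files for unauthorized encryption) as an added example that is not part of the thread: a Python check that compares a backup set against a SHA-256 manifest taken while it was known good and reports files that are missing, files that changed, and changed files whose bytes have become near-random, which is what an encrypting process leaves behind. The directory layout, sample files and the 7.5-bits-per-byte threshold are constructed for the demo.

```python
import hashlib
import math
import random
import tempfile
from pathlib import Path

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: text sits well under 6, ciphertext sits near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def build_manifest(root: Path) -> dict:
    """SHA-256 of every file under root, keyed by POSIX-style relative path.
    Take it while the set is known good and keep it off the backup host."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def verify_backup(root: Path, manifest: dict, threshold: float = 7.5) -> dict:
    """Re-check a backup set against its manifest. A changed file whose bytes are
    now near-random is also 'suspicious': a normal edit keeps the file's entropy."""
    report = {"missing": [], "changed": [], "suspicious": []}
    for rel, digest in manifest.items():
        path = root / rel
        if not path.is_file():
            report["missing"].append(rel)
            continue
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() != digest:
            report["changed"].append(rel)
            if shannon_entropy(data) >= threshold:
                report["suspicious"].append(rel)
    return report

def demo() -> dict:
    """Constructed scenario: three files and a good manifest, then one deletion,
    one legitimate edit, and one file overwritten with seeded random bytes as a
    stand-in for what encryption leaves behind (no encryption is performed)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "report.txt").write_text("quarterly numbers\n" * 200)
        (root / "docs" / "notes.txt").write_text("meeting notes\n" * 50)
        (root / "config.ini").write_text("[backup]\nretention_days=30\n")
        manifest = build_manifest(root)
        (root / "config.ini").unlink()                                        # missing
        (root / "docs" / "notes.txt").write_text("meeting notes, revised\n" * 50)  # benign change
        rng = random.Random(7)                                                # seeded: repeatable demo
        (root / "docs" / "report.txt").write_bytes(bytes(rng.getrandbits(8) for _ in range(4096)))
        return verify_backup(root, manifest)

if __name__ == "__main__":
    print(demo())
```

A file that is already compressed or encrypted by design (archives, disk images) will score near 8 bits even when legitimately replaced, so in practice the entropy rule is applied per file type rather than to everything.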