From Newsgroup: comp.sys.mac.system

Whether the result of a computer virus or malware affixed to a well-intentioned software/update, have their been any successful
ransomeware attacks on a Apple computer?

--- Synchronet 3.18b-Win32 NewsLink 1.113

From Newsgroup: comp.sys.mac.system

On 10 Jul 2021 at 20:41:52 BST, gtr <xxx@yyy.zzz> wrote:

Whether the result of a computer virus or malware affixed to a well-intentioned software/update, have their been any successful
ransomeware attacks on a Apple computer?

Well that's a good question. And I have to wonder why all these companies continue to use such compromisable infrastructure. What software systems are
so important that they have to? What is Kaseya and the like providing that these folk can’t do without? Are these apparently indispensible systems only available if you're a Windows user?

--
Tim
--- Synchronet 3.18b-Win32 NewsLink 1.113

From Newsgroup: comp.sys.mac.system

On 2021 Jul 10, gtr wrote
(in article <scct5v$160$1@dont-email.me>):

Whether the result of a computer virus or malware affixed to a well-intentioned software/update, have their been any successful
ransomeware attacks on a Apple computer?

Yes. Starting with the fake FBI ‘virus’, there were a number of ransomeware-like attacks. Most/all of them required that the user download a trojan of some kind. It might have been a ‘click here’ item on an email, it might have been a fake installer (fake Adobe Flash and Reader installers were particularly popular), it might have been something else. It’d freeze your system unless you paid up, or encrypt everything, or both.

The number of attacks, and the number of different attack malware, was far less than the attacks on Windows.

--- Synchronet 3.18b-Win32 NewsLink 1.113

From Newsgroup: comp.sys.mac.system

On 2021-07-10 23:28:59 +0000, Wolffan said:

On 2021 Jul 10, gtr wrote
(in article <scct5v$160$1@dont-email.me>):

Whether the result of a computer virus or malware affixed to a
well-intentioned software/update, have their been any successful
ransomeware attacks on a Apple computer?

Yes. Starting with the fake FBI ‘virus’, there were a number of ransomeware-like attacks. Most/all of them required that the user download a trojan of some kind. It might have been a ‘click here’ item on an email, it might have been a fake installer (fake Adobe Flash and Reader installers were particularly popular), it might have been something else. It’d freeze your system unless you paid up, or encrypt everything, or both.

The number of attacks, and the number of different attack malware, was far less than the attacks on Windows.

Were any of the "ransomware-like attacks" actual ransomware where one
had to pay a ransome to restore their system? If so what was it named
and when did it happen? Did Apple come with a way to deal with it?

I know that Adobe scams were popular malware vessels, but I never heard
of one cited as *ransomeware*, the main point of my question.

--- Synchronet 3.18b-Win32 NewsLink 1.113

From Newsgroup: comp.sys.mac.system

On 2021-07-11 05:33:58 +0000, gtr said:

On 2021-07-10 23:28:59 +0000, Wolffan said:

On 2021 Jul 10, gtr wrote
(in article <scct5v$160$1@dont-email.me>):

Whether the result of a computer virus or malware affixed to a
well-intentioned software/update, have their been any successful
ransomeware attacks on a Apple computer?

Yes. Starting with the fake FBI 'virus', there were a number of
ransomeware-like attacks. Most/all of them required that the user download a >> trojan of some kind. It might have been a 'click here' item on an email,
it might have been a fake installer (fake Adobe Flash and Reader installers >> were particularly popular), it might have been something else. It'd freeze >> your system unless you paid up, or encrypt everything, or both.

The number of attacks, and the number of different attack malware, was far >> less than the attacks on Windows.

Were any of the "ransomware-like attacks" actual ransomware where one
had to pay a ransome to restore their system? If so what was it named
and when did it happen? Did Apple come with a way to deal with it?

I know that Adobe scams were popular malware vessels, but I never heard
of one cited as *ransomeware*, the main point of my question.

Despite numerous media scare stories (almost all supplied by the
anti-malware makers "discovering a new threat") and know-nothing
anti-Apple trolls, there isn't really any actual real world proof of
malware on macOS affecting anyone. If you're stupid enough to download
and install pirated software or visit porn websites, then you might get
some malware, but even that is unlikely.


--- Synchronet 3.18b-Win32 NewsLink 1.113

From Newsgroup: comp.sys.mac.system

In message <ikuj7dF6gl7U1@mid.individual.net> TimS <timstreater@greenbee.net> wrote:

On 10 Jul 2021 at 20:41:52 BST, gtr <xxx@yyy.zzz> wrote:

Whether the result of a computer virus or malware affixed to a
well-intentioned software/update, have their been any successful
ransomeware attacks on a Apple computer?

Well that's a good question. And I have to wonder why all these companies continue to use such compromisable infrastructure. What software systems are so important that they have to? What is Kaseya and the like providing that these folk can’t do without? Are these apparently indispensible systems only
available if you're a Windows user?

Ransomware affects linux systems as well, even though the infection
vector is via Windows.

On a Mac it's certainly possible for something to encrypt YOUR files,
but it is not possible for it to encrypt the Time Machine backups or the system, so all you have to do is restore your files from TM and you are
right back in business. Makes it less that efficient tow write Mac
versions of ransomware when there's no reason for anyone, ever, to pay
the ransom unless they are so foolish as to not have Time Machine
backups as part of their backups, but what dimbulb moron would do that?

--
On the other hand, you have different fingers.
--- Synchronet 3.18b-Win32 NewsLink 1.113

From Newsgroup: comp.sys.mac.system

On 2021 Jul 11, gtr wrote
(in article <scdvs6$hp9$1@dont-email.me>):

On 2021-07-10 23:28:59 +0000, Wolffan said:

On 2021 Jul 10, gtr wrote
(in article <scct5v$160$1@dont-email.me>):

Whether the result of a computer virus or malware affixed to a well-intentioned software/update, have their been any successful ransomeware attacks on a Apple computer?

Yes. Starting with the fake FBI ‘virus’, there were a number of ransomeware-like attacks. Most/all of them required that the user download a
trojan of some kind. It might have been a ‘click here’ item on an email,
it might have been a fake installer (fake Adobe Flash and Reader installers were particularly popular), it might have been something else. It’d freeze
your system unless you paid up, or encrypt everything, or both.

The number of attacks, and the number of different attack malware, was far less than the attacks on Windows.

Were any of the "ransomware-like attacks" actual ransomware where one
had to pay a ransome to restore their system? If so what was it named
and when did it happen? Did Apple come with a way to deal with it?

I know that Adobe scams were popular malware vessels, but I never heard
of one cited as *ransomeware*, the main point of my question.

I rescued several people’s machines after variants of the fake FBI ‘virus’ (really a trojan that they had, unwisely, downloaded and installed, usually a fake Flash installer) locked their systems and demanded $300 to $500 to unlock. (I rescued one guy twice. Even after being burned
once he fell for a variant on the same trojan again. “Macs don’t get viruses”, he said. “It ain’t a virus, it’s a trojan, almost all Mac malware are trojans,” I said. “Get Adobe updaters from Adobe, not random places on the internet, and especially not porn sites, and yes I know that
you got this one from a porn site, I even know which site, it left all kinds of crap all over.” For some reason he never contacted me again. How sad.)
It wasn’t “gimme some bitcoin or you’ll never see your files again” ransomeware, it was “We’re the Feds, we found kiddie porn on your machine (no, there wasn’t any, I checked) and we’re fining you $300, pay using a Green Dot Visa card obtained from one of these fine sources, your files are locked until you pay up” malware. I think that that’s close enough to ransomeware. This kind of crap was sufficiently common (mostly on Windows, of course) that the Feds put up a page to address the problem, pointing out that they don’t fine people for kiddie porn, they arrest them. https://www.fbi.gov/news/stories/new-internet-scam (note the datestamp on
that page... note that the Feds call it ransomware...) There were many guides to killing the scam, some of which actually worked.

I haven’t seen any of these attacks in years, apparently getting right up
in the FBI’s face is not a good long-term survival strategy, (who knew?)
and so all the would-be smart boys are gone now.

--- Synchronet 3.18b-Win32 NewsLink 1.113

From Newsgroup: comp.sys.mac.system

On 10-Jul-2021 at 10:33:58PM PDT, "gtr" <xxx@yyy.zzz> wrote:

On 2021-07-10 23:28:59 +0000, Wolffan said:

On 2021 Jul 10, gtr wrote
(in article <scct5v$160$1@dont-email.me>):

Whether the result of a computer virus or malware affixed to a
well-intentioned software/update, have their been any successful
ransomeware attacks on a Apple computer?

Yes. Starting with the fake FBI ‘virus’, there were a number of
ransomeware-like attacks. Most/all of them required that the user download a >> trojan of some kind. It might have been a ‘click here’ item on an email, >> it might have been a fake installer (fake Adobe Flash and Reader installers >> were particularly popular), it might have been something else. It’d freeze >> your system unless you paid up, or encrypt everything, or both.

The number of attacks, and the number of different attack malware, was far >> less than the attacks on Windows.

Were any of the "ransomware-like attacks" actual ransomware where one
had to pay a ransome to restore their system? If so what was it named
and when did it happen? Did Apple come with a way to deal with it?

I know that Adobe scams were popular malware vessels, but I never heard
of one cited as *ransomeware*, the main point of my question.

I had an engineer bring their Mac laptop to me to install Office some years ago. It had adware installed on it which would monitor web useage and inject ads for MacKeeper randomly. It was fine when I'd installed something else the prior week.

I asked him what he'd installed on it recently. "I installed Steam so I could play some games over the weekend."

The CEO told me to confiscate the Mac and re-image it. I kept a USB stick with the current MacOS install for just this purpose. He lost everything on that machine he hadn't saved to his home directory on the file servers.

I made an example of him, mentioning his faux pas to whomever whenever he'd come to my cube for something. People stopped installing that stuff on their systems.

The CEO's admin, who ran a Windows 8 laptop, was another matter. I kept
several tools to rip out Malware from her PC regularly. I was so close to disabling IE and replacing it with Chrome, but she learned her lesson and stopped clicking on random stuff.
--
DeeDee, don't press that button! DeeDee! NO! Dee...
--- Synchronet 3.18b-Win32 NewsLink 1.113

From Newsgroup: comp.sys.mac.system

In article <sce1t8$rgv$1@gioia.aioe.org>, Your Name
<YourName@YourISP.com> wrote:

Despite numerous media scare stories (almost all supplied by the anti-malware makers "discovering a new threat") and know-nothing
anti-Apple trolls, there isn't really any actual real world proof of
malware on macOS affecting anyone.

yes there is. it's not much, but it's definitely not zero.

If you're stupid enough to download
and install pirated software or visit porn websites, then you might get
some malware, but even that is unlikely.

false.
--- Synchronet 3.18b-Win32 NewsLink 1.113

From Newsgroup: comp.sys.mac.system

On 2021-07-10 15:41, gtr wrote:

Whether the result of a computer virus or malware affixed to a well-intentioned software/update, have their been any successful
ransomeware attacks on a Apple computer?

If companies had proper IT infrastructure, training for staff, data
backups separate from applications backups; separate again for OS.

Thence a disaster recovery plan. (this is the key).

There would be no ransomware attacks. Companies would simply wipe their drives (or replace them), re-install and re-start. Hours to a day or 2 depending on the size of the co. to get critical functions up and running.

But it would appear that it's cheaper to negotiate down the ransom
amount (Colonial) over a few days and then paying off to get things
going again than to practice comprehensive IT security...

BTW: financial companies (big) have some of the best IT out there. They invest heavily in the ability to be up and running quickly after any
sort of disaster imaginable. This is not cheap at all as it involves mirroring in near real time. That's not for every co.

A company doesn't need that level of recovery, but they need far better
than what the null brains at Colonial had.

When a co. is in a strategic national economic position such as
Colonial, there should be standards for recovery.

--
"...there are many humorous things in this world; among them the white
man's notion that he is less savage than the other savages."
-Samuel Clemens
--- Synchronet 3.18b-Win32 NewsLink 1.113

From Newsgroup: comp.sys.mac.system

On 2021 Jul 11, Alan Browne wrote
(in article <0ICGI.11153$VU3.5129@fx46.iad>):

On 2021-07-10 15:41, gtr wrote:

Whether the result of a computer virus or malware affixed to a well-intentioned software/update, have their been any successful ransomeware attacks on a Apple computer?

If companies had proper IT infrastructure, training for staff, data
backups separate from applications backups; separate again for OS.

Thence a disaster recovery plan. (this is the key).

There would be no ransomware attacks. Companies would simply wipe their drives (or replace them), re-install and re-start. Hours to a day or 2 depending on the size of the co. to get critical functions up and running.

It’s not quite that simple.

1. A large company might have tens of terabytes, even hundreds of TB, of
data. Buying the storage is not the problem. Even buying triple the storage, to have _two_ complete backups, is not the problem. Restoring the entire company suite is the problem. That takes time. Even if you simply grab drives from the backup set and use them to replace drives in the active set, it
still takes time.

2. Backups, by themselves, are not the solution. Several ransomeware variants deliberately aim at backups, so that the backups are also contaminated. Extra software, to check the backups and ensure that they’ree good, would be required... and that’s not cheap. And it slows down both backup and
restore.

3. You mentioned training for the staff. This is absolutely critical. Last I looked, 93% of ransomeware attacks got in thanks to human error: social engineering attacks, most often phishing or pharming, or the ever-popular ‘click me’ attacks. Ransomeware would be far less of a menace if only staff wouldn’t fall victim to these kind of attacks. The problem is that it only takes one guy to make one mistake, and the bad guys are in. Right now MS is fighting PrintNightmare, an attack using the print spool services on Windows as of Vista (MS isn’t patching Vista, though the patches for Win 7 might work there. MS is patching 7. Last I looked there were three different patches out, because there were problems with the first two. Good luck
keeping track.) and PrintNightmare can allow all kinds of attacks. A good way to stop PrintNightmare is to disable printing on Windows. Unfortunately companies who depend on print services (like, oh, the one I work for) have a major problem doing that. Rioght now we’re printing from Macs and Linux only, but that can’t go on. If there isn’t a fix, soon, the solution will be to dump Windows entirely, and that will cause serious problems right
there.

4. Also critical uis better software. Software to detect inbound ransomeware and kill it before it gets near the network. Software to monitor live files, and backups, looking for unauthorized actions, including but not limited to files being encrypted. Software blocking unauth inbound, and especially, outbound, network activity. Yes, such software exists. However, it needs to
be faster, easier to use, cheaper, and, especially, it needs to be actually used. Until I insisted, certain defensive systems at the company had been turned off last year, as they made life interesting for those working from home, which was most of us. I finally got all systems turned back on, even if Zoom hated them. (Zoom hated them. MS Teams did not. We moved to (ugh)
Teams.) There’s no point having the defenses and not using them...

But it would appear that it's cheaper to negotiate down the ransom
amount (Colonial) over a few days and then paying off to get things
going again than to practice comprehensive IT security...

It depends on (among other things) how long it would take to make the
restore. If it’ll take five days (the last time we ran a full test of the restore plan it took 125.7 hours from go, with teams running around the
clock, to fully restore everything. Remember, you don’t have a backup if
you can’t make a full restore.) Given how much money we’d lose per hour, if paying the bastards got the data back for less than we’d lose over 126 hours, we’d pay. If the bastards priced themselves too high, we’d recover the data from backups.

BTW: financial companies (big) have some of the best IT out there. They invest heavily in the ability to be up and running quickly after any
sort of disaster imaginable. This is not cheap at all as it involves mirroring in near real time. That's not for every co.

I once proposed getting serious backup systems, especially faster systems. Management nearly had heart failuire when they saw how much it would cost.

A company doesn't need that level of recovery, but they need far better
than what the null brains at Colonial had.

When a co. is in a strategic national economic position such as
Colonial, there should be standards for recovery.

And a whole lot more.


--- Synchronet 3.18b-Win32 NewsLink 1.113