// Seron Security

Are Mac And Linux Users Safe From Ransomware?

Are Mac And Linux Users Safe From Ransomware?

Michael Nuncic

2016 was the year of ransomware – 146 new strains of this destructive malware were discovered, which earned cybercriminals an estimated worldwide profit of around one billion dollars in 2016. By contrast, in 2015 only 29 strains of ransomware were discovered.

Until recently, Windows users were the primary target for ransomware attacks, but now hackers are also targeting Mac and Linux users too. More recently, smartphones or tablets with an Android or iOS operating system are also becoming targets.

The reason for this is simple: the proportion of Apple and Linux-based computers is increasing, and who doesn’t have a smartphone these days?!

Traditionally, you would have felt quite safe as a Mac or Linux user; Windows users have always been plagued with a high risk of catching viruses, worms or Trojans, whereas Apple or UNIX systems (including smartphones) have enjoyed a low threat level when it comes to malware. But has that now all changed?

Mac is still more secure than Windows

Mac users are currently still far less vulnerable than Windows users, as the spread of ransomware on the Mac so far requires a manual involvement of the user. However, it will certainly come to a point where attackers find a more efficient way of disseminating their malware, by which time macOS could be just as vulnerable as Windows.

Although the malware Patcher was recently discovered as an application for cracking popular software, the program is quite bumpy. In fact, the code for communicating with the host server to pay the ransom is often missed out, which means you are left high and dry with all your data encrypted and no hope of getting it back by paying the ransom (although in every case it is advisable not to pay the ransom anyway).

A more dangerous strain is ‘KeRanger’, which attacked about 7,000 Macs in 2016, even hitting time-machine backups. A quick intervention by Apple prevented the spread from getting any worse, but when one malware program is successful you can bet that there will be more right behind it.

It is therefore important that your backups should be stored on a storage medium that is not connected to the internet or the network. That way you can still access your data if something goes wrong with your main computer (this is good practice anyway, but it especially true when it comes to overcoming ransomware attacks).

Cybercriminals are also interested in Linux machines

Ransomware is currently not much of a problem for Linux systems. A pest discovered by security researchers is a Linux variant of the Windows malware ‘KillDisk’. However, this malware has been noted as being very specific; attacking high profile financial institutions and also critical infrastructure in Ukraine. Another problem here is that the decryption key that is generated by the program to unlock the data is not stored anywhere, which means that any encrypted data cannot be unlocked, whether the ransom is paid or not. Data can still sometimes be recovered by experts like Ontrack, however timescales, difficulty and success rates depend on the exact situation and strain of ransomware.

The Linux pedant to KeRanger is called ‘Linux.Encoder’. This malicious program originally came from an open source ransomware project and is relatively easy to comprehend because of its half-baked programming. As a result, the chance of getting lost data back is high, for now. Again, the industry will need to deal with improved versions in the future, but at least for now the situation is still pretty relaxed.

Smartphones are the top target

Almost everyone today has a smartphone, and on it often resides a variety of private and business data, which is a prime target for hackers to hold hostage.

However, the infection with the malware does not happen automatically; the user of the phone must actively participate and independently, for example, by installing a contaminated app on a device. However, in these cases not everything is still not lost – putting a smartphone into ‘safe mode’ can help to uninstall rogue apps, or some specialist software tools can remove it for you. As a last resort you can even reset the phone to factory settings, which will ‘delete’ all data stored on the device.

Although the manufacturer of the smartphone operating system Android (Google) reacts quite well to known malware problems, it still may take some time for the device manufacturers to incorporate the updates into their own brand-specific operating systems and then deliver them to their customers.

Apple vs. Android

Apple users rejoice – iPhones are better off. Previous reports about surfaced ransomware were not completely correct, and in most cases they were just pseudo-ransomware attacks or simple error message spam.

The reason for the much better performance compared to Android phones is on the one hand that Apple does not work with open source software and on the other hand that Apple reacts very quickly to possible problem areas and provides its customers with updates – without having to take the long route via external companies. However, even with Apple smartphones it is always possible that this could change in the future, leaving data at risk.

Therefore, it is recommended (as with all computers and devices that stored data) to create frequent backups. If you’re lucky and have backed up properly then getting your data back might be as simple as wiping your device completely, initiating a fresh install and then restoring your data from the backups.

If your backups did not work and your find your data being attacked and encrypted by ransomware, you should contact a data recovery service provider immediately. Remember not try out any DIY data recovery methods you might find on the Internet, as it can often make the situation worse. It’s much safer to shut down your affected device and contact a professional to understand exactly what your options are and the likely chances of a successful recovery being possible.