Ransomware Question

Discussion in 'iMac' started by Robert4, May 1, 2019.

  1. Robert4 macrumors 6502

    Apr 20, 2012

    Reading about this Ransomware craze.
    Really scary.
    Do a lot of Backups, but still very concerned.

    All of the avail virus and Malware packages avail for a fee do a lot of
    bragging about Ransomware protection.
    As expected.

    Is there any consensus, though, which is really the "best"?

  2. nambuccaheadsau macrumors 68000


    Oct 19, 2007
    Nambucca Heads Australia
    Safe browsing techniques and either Malwarebytes for Mac or DetectX Swift for malware.

    There is no 'best' AV product as viruses cannot execute on the Unix base system.
  3. xgman macrumors 601


    Aug 6, 2007
    Sensible caution. These add-ons are likely to cause trouble of one sort or another. I wouldn't even consider any of them for "active" protection. Just check in a few places to see what is auto starting on your Mac. System Preferences/User/logon Items and also in Library/Launch Agents and Launch Daemons.
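
An added example (not from the thread) of the startup-item check described in the post above: it reads the launchd job files in the LaunchAgents and LaunchDaemons folders and lists what each one runs. The `REVIEW_PREFIXES` list and the hidden-path check are assumptions chosen for illustration, and the sample jobs in `demo()` are constructed.

```python
import plistlib
import tempfile
from pathlib import Path

# Folders named in the post above: per-user first, then system-wide.
LAUNCHD_DIRS = ["~/Library/LaunchAgents", "/Library/LaunchAgents", "/Library/LaunchDaemons"]
# Assumption for this example: a job with no program, a hidden (dot-prefixed)
# path component, or a program under one of these folders gets a second look.
REVIEW_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")

def audit_dir(directory):
    """Return one record per launchd job file (*.plist) found in `directory`."""
    base = Path(directory).expanduser()
    records = []
    for path in (sorted(base.glob("*.plist")) if base.is_dir() else []):
        try:
            with open(path, "rb") as fh:
                job = plistlib.load(fh)  # reads both XML and binary plists
            args = job.get("ProgramArguments") or []  # a non-dict plist raises here
        except Exception as exc:  # unreadable or malformed: report it, keep going
            records.append({"file": path.name, "error": str(exc), "review": True})
            continue
        program = str(job.get("Program") or (args[0] if args else ""))
        records.append({
            "file": path.name,
            "label": job.get("Label", ""),
            "program": program,
            "run_at_load": bool(job.get("RunAtLoad", False)),
            "keep_alive": bool(job.get("KeepAlive", False)),
            "review": not program or "/." in program or program.startswith(REVIEW_PREFIXES),
        })
    return records

def demo():
    """Audit a temporary folder of constructed sample jobs (not from a real system)."""
    samples = {
        "com.example.updater.plist": {"Label": "com.example.updater", "RunAtLoad": True,
            "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"]},
        "com.example.helper.plist": {"Label": "com.example.helper", "RunAtLoad": True,
            "KeepAlive": True, "ProgramArguments": ["/Users/Shared/.cache/helper", "--daemon"]},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, job in samples.items():
            Path(tmp, name).write_bytes(plistlib.dumps(job))
        Path(tmp, "broken.plist").write_bytes(b"not a plist")
        return audit_dir(tmp)

if __name__ == "__main__":
    for d in LAUNCHD_DIRS:
        print(d, audit_dir(d))
```

A `review` flag only means the entry is worth looking up by its label and program path; Login Items are stored separately and are not covered here.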
  4. priitv8 macrumors 68040

    Jan 13, 2011
    AFAIK, all ransomware needs to phone home first, before it can encrypt the disk.
    That is why I use Little Snitch to monitor and control all outgoing network connection requests myself.
  5. Fishrrman macrumors P6


    Feb 20, 2009
    There's been only one case of ransomware on the Mac (that I know of) -- with a corrupted copy of "Transmission", a year or two back if I recall right.

    It was dealt with quickly.

    I haven't heard of anything since.
    Not saying it won't happen.
  6. macduke macrumors G4


    Jun 27, 2007
    Central U.S.
    I use security best practices and have never installed antivirus on a Mac and have never had a single issue.

    I used security best practices and also installed antivirus on the PCs I used to build back in the day and had virus issues all the time.

    I'm not worried about it.
  7. mikehalloran macrumors 65816

    Oct 14, 2018
    The Sillie Con Valley
    That sounds about right—early 2018, I think. Apple got it fixed in a hurry. I know that El Cap was in the security update but older was. All my schools called when the first rollout of the security patch did not include OS 10.11. A few days later, when Apple finally released the fix for El Capitán, a lot of people breathed easier. This is why all those 2007–early 2009 iMacs are being replaced this year (about time!).

    When someone tells me that OSxxx (over three years old) runs great and there's absolutely no reason to upgrade and bla, bla, bla... I agree — as long as they stay off the internet.
  8. HDFan macrumors 65816

    Jun 30, 2007
    Disregarding issues about Mac susceptibility and safe browsing/internet practices, there are things that you should consider with your backup policy.

    1. If your main system becomes corrupted, assume that any directly connected backup disks (not sure about network disks) have been corrupted as well.

    2. If your cloud backup only keeps one version of a file, then potentially your cloud backup could be corrupted.

    3. Consequently keep your archival backups disconnected from your system, with at least one set of disks/storage kept in offsite storage, as in a safe deposit box. Ensure that your cloud service keeps snapshots so you can revert to earlier versions.

    4. If your APFS drive has snapshots and it becomes corrupted, you may be able to revert to an earlier snapshot if there is one.

    Several articles indicate that if you use Time Machine that you should be able to revert to an earlier version. What is unclear to me is that as TM archive files are accessible from the Finder, then malware should be able to encrypt all the TM files as well.
  9. cynics macrumors G4

    Jan 8, 2012
    Apple has a lot of safeties in place to prevent a ransomware attack on an iMac. Randomization of memory addresses, manual permission access, sandboxing, Gatekeeper (Apple manually signed software from known devs), 2FA, etc, etc.

    Known malware is actively blocked and there is malware protection natively running looking for malware-esque behavior. Auto security updates being enabled will also purge malware if found.

    And of course System Integrity Protection aka SIP aka rootless prevents even root access from modifying system files and it can only be turned off from recovery mode.

    Nothing is impossible but it would take a few zero day exploits to really cause any serious damage plus Apple is all over their security. So it would take tons of money, tons of time and the time window created to exploit user data would be very narrow. It's just not worth the effort when the same group of hackers could do more damage and/or make more money with Windows that a lot more businesses (banks and other financial institutions), government institutions, etc all use.

    Again though, nothing is impossible. Some of the coolest viruses and malware are specifically designed to jump an air gap to a system that isn't connected to the internet. Apple can only make the task of hacking macOS insanely difficult but never completely impossible.
