
Robert4

Original poster
Hi,

Reading about this Ransomware craze.
Really scary.
Do a lot of Backups, but still very concerned.

All of the avail virus and Malware packages avail for a fee do a lot of
bragging about Ransomware protection.
As expected.

Is there any consensus, though, which is really the "best"?

Thanks,
Bob
 
Sensible caution. These add-ons are likely to cause trouble of one sort or another. I wouldn't even consider any of them for "active" protection. Just check in a few places to see what is auto starting on your Mac. System Preferences/User/logon Items and also in Library/Launch Agents and Launch Daemons.
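An added example, not part of the post above: a small Python audit of the launchd locations that post mentions, listing what each job starts and whether the target binary still exists. It assumes the standard macOS directories `~/Library/LaunchAgents`, `/Library/LaunchAgents` and `/Library/LaunchDaemons`; the function names and the sample plist are constructed for illustration, and Login Items are not covered.

```python
import os
import plistlib
import tempfile
from pathlib import Path

# Assumed standard launchd directories on macOS (per-user and machine-wide).
LAUNCHD_DIRS = [
    Path(os.path.expanduser("~/Library/LaunchAgents")),
    Path("/Library/LaunchAgents"),
    Path("/Library/LaunchDaemons"),
]

def read_job(plist_path):
    """Summarise one launchd job; return an error entry if the file will not parse."""
    try:
        with open(plist_path, "rb") as fh:
            job = plistlib.load(fh)  # reads both XML and binary plists
    except Exception as exc:
        return {"file": str(plist_path), "error": type(exc).__name__}
    args = job.get("ProgramArguments") or []
    program = job.get("Program") or (args[0] if args else None)
    return {
        "file": str(plist_path),
        "label": job.get("Label"),
        "program": program,
        "run_at_load": bool(job.get("RunAtLoad", False)),
        "keep_alive": bool(job.get("KeepAlive", False)),
        # A job pointing at a binary that is gone is worth a second look.
        "program_missing": program is not None and not Path(program).exists(),
    }

def audit(dirs=LAUNCHD_DIRS):
    """Collect a summary for every *.plist in the given directories."""
    jobs = []
    for d in dirs:
        if d.is_dir():
            jobs.extend(read_job(p) for p in sorted(d.glob("*.plist")))
    return jobs

def demo():
    """Run the audit over a constructed directory so it works on any OS."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = {"Label": "com.example.updater", "RunAtLoad": True,
                  "ProgramArguments": ["/nonexistent/example/updater", "--daemon"]}
        with open(Path(tmp) / "com.example.updater.plist", "wb") as fh:
            plistlib.dump(sample, fh)
        (Path(tmp) / "broken.plist").write_bytes(b"not a plist")
        return audit([Path(tmp)])

if __name__ == "__main__":
    for job in audit():
        print(job)
```
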
 
AFAIK, all ransomware needs to phone home first, before it can encrypt the disc.
That is why I use Little Snitch to monitor and control all outgoing network connection requests myself.
 
There's been only one case of ransomware on the Mac (that I know of) -- with a corrupted copy of "Transmission", a year or two back if I recall right.

It was dealt with quickly.

I haven't heard of anything since.
Not saying it won't happen.
 
I use security best practices and have never installed antivirus on a Mac and have never had a single issue.

I used security best practices and also installed antivirus on the PCs I used to build back in the day and had virus issues all the time.

I'm not worried about it.
 
There's been only one case of ransomware on the Mac (that I know of) -- with a corrupted copy of "Transmission", a year or two back if I recall right.

It was dealt with quickly.

I haven't heard of anything since.
Not saying it won't happen.

That sounds about right—early 2018, I think. Apple got it fixed in a hurry. I know that El Cap was in the security update but older was. All my schools called when the first rollout of the security patch did not include OS 10.11. A few days later, when Apple finally released the fix for El Capitan, a lot of people breathed easier. This is why all those 2007–early 2009 iMacs are being replaced this year (about time!).

When someone tells me that OSxxx (over three years old) runs great and there's absolutely no reason to upgrade and blah, blah, blah... I agree — as long as they stay off the internet.
 
Reading about this Ransomware craze.
Really scary.
Do a lot of Backups, but still very concerned

Disregarding issues about Mac susceptibility and safe browsing/internet practices, there are things that you should consider with your backup policy.

1. If your main system becomes corrupted, assume that any directly connected backup disks (not sure about network disks) have been corrupted as well.

2. If your cloud backup only keeps one version of a file, then potentially your cloud backup could be corrupted.

3. Consequently keep your archival backups disconnected from your system, with at least one set of disks/storage kept in offsite storage, as in a safe deposit box. Ensure that your cloud service keeps snapshots so you can revert to earlier versions.

4. If your APFS drive has snapshots and it becomes corrupted, you may be able to revert to an earlier snapshot if there is one.

Several articles indicate that if you use Time Machine you should be able to revert to an earlier version. What is unclear to me is that, as TM archive files are accessible from the Finder, malware should be able to encrypt all the TM files as well.
 
Apple has a lot of safeties in place to prevent a ransomware attack on an iMac. Randomization of memory addresses, manual permission access, sandboxing, Gatekeeper (Apple manually signed software from known devs), 2FA, etc, etc.

Known malware is actively blocked and there is malware protection natively running, looking for malware-esque behavior. Auto security updates being enabled will also purge malware if found.

And of course System Integrity Protection aka SIP aka rootless prevents even root access from modifying system files and it can only be turned off from recovery mode.

Nothing is impossible, but it would take a few zero-day exploits to really cause any serious damage, plus Apple is all over their security. So it would take tons of money, tons of time, and the time window created to exploit user data would be very narrow. It's just not worth the effort when the same group of hackers could do more damage and/or make more money with Windows, which a lot more businesses (banks and other financial institutions), government institutions, etc. all use.

Again though, nothing is impossible. Some of the coolest viruses and malware are specifically designed to jump an air gap to a system that isn't connected to the internet. Apple can only make the task of hacking macOS insanely difficult but never completely impossible.
 