Let’s start by saving you a whole lot of reading: No. That said, malware makes headlines regularly these days, and although Macs are targeted far less than Windows PCs, Mac users still need to remain vigilant. A particularly serious type of malware is called “ransomware” because once it infects your computer, it encrypts all your files and holds them for ransom.

What is ransomware? It’s a serious type of malware, so called because once it infects your computer, it encrypts all your files and holds them for ransom.

Macs are targeted far less than Windows PCs. In fact, I can only think of a few pieces of ransomware that have been directed at Mac users:

  • The first, called FileCoder, was discovered in 2014. When security researchers looked into its code, they discovered that it was incomplete, and posed no threat at the time. 
  • The first fully functional ransomware for the Mac appeared in 2016, a bit of nastiness called KeRanger. It hid inside an infected version of the open source Transmission BitTorrent client and was properly signed so it could circumvent Apple’s Gatekeeper protections. As many as 6500 people may have been infected by KeRanger before Apple revoked the relevant certificate and updated macOS’s XProtect anti-malware technology to block it.
  • In 2017, researchers discovered another piece of ransomware, called Patcher, which purported to help users download pirated copies of Adobe Premiere and Microsoft Office 2016. According to its Bitcoin wallet, no one had paid the ransom, which was good, since it had no way of decrypting the files it had encrypted.

If you’re not pirating software or using BitTorrent (or if you don’t even know what BitTorrent is), ransomware isn’t something to worry about. Sure, it’s likely that malware authors will unleash additional Mac ransomware packages in the future, but the probability of it hitting your Mac is incredibly small.

There are a few reasons for this. First, Apple’s Gatekeeper technology protects your Mac from malware by letting you launch only apps downloaded from the Mac App Store, or those that are signed by developers who have a Developer ID from Apple. Since malware won’t come from legitimate developers (and Apple can revoke stolen signatures), Gatekeeper protects you from most malware.

Second, Apple’s XProtect technology takes a more focused approach, checking every new app against a relatively short list of known malware and preventing apps on that list from launching. Make sure to leave the “Install system data files and security updates” checkbox selected in System Preferences > App Store. That ensures that you’ll get XProtect updates. Similarly, install macOS updates and security updates soon after they’re released to make sure you’re protected against newly discovered vulnerabilities that malware could exploit. If you’re a Sentinel+ member, we do this for your Mac automatically.

(Remember: On the Mac, you must be running one of the last three operating systems, presently 10.13, 10.12, or 10.11, in order to receive Apple security updates.)
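The settings described above (Gatekeeper, the “Install system data files and security updates” checkbox, and a macOS release that still gets security updates) can also be checked from Terminal. The script below is an added example, not part of the original article. It assumes the checkbox is stored in the `ConfigDataInstall` and `CriticalUpdateInstall` preference keys, and it uses the article's list of supported releases.

```shell
#!/bin/sh
# Added example: audit the Mac settings this article recommends.
# Each check takes command output as an argument, so it can be tried offline.

SUPPORTED="10.13 10.12 10.11"   # the article's list at time of writing
SU_PLIST=/Library/Preferences/com.apple.SoftwareUpdate

# $1 = output of `spctl --status`; with Gatekeeper on it says "assessments enabled"
gatekeeper_ok() {
    case "$1" in *"assessments enabled"*) return 0 ;; *) return 1 ;; esac
}

# $1 = output of `defaults read`; counted as on only when explicitly 1/true.
# Assumption: an unset key (empty output) is flagged so you check it by hand.
pref_on() {
    case "$1" in 1|true|YES) return 0 ;; *) return 1 ;; esac
}

# $1 = output of `sw_vers -productVersion`, for example 10.13.6
version_ok() {
    mm=$(printf '%s' "$1" | cut -d. -f1,2)
    for v in $SUPPORTED; do [ "$mm" = "$v" ] && return 0; done
    return 1
}

# $1 = label, remaining arguments = the check to run; counts failures in $fails
check() {
    label=$1; shift
    if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; fails=$((fails + 1)); fi
}

# Prints one PASS/FAIL line per check and returns the number of failures.
audit() {
    fails=0
    check "Gatekeeper enabled" gatekeeper_ok "$1"
    check "System data files (XProtect) auto-install" pref_on "$2"
    check "Security updates auto-install" pref_on "$3"
    check "macOS release still receives security updates" version_ok "$4"
    return "$fails"
}

# Live run on a Mac only; on other systems the functions are just defined.
if command -v spctl >/dev/null 2>&1 && command -v sw_vers >/dev/null 2>&1; then
    audit "$(spctl --status 2>&1)" \
          "$(defaults read "$SU_PLIST" ConfigDataInstall 2>/dev/null)" \
          "$(defaults read "$SU_PLIST" CriticalUpdateInstall 2>/dev/null)" \
          "$(sw_vers -productVersion)" || echo "Review the FAIL lines above."
fi
```

A FAIL on either auto-install line means the checkbox in System Preferences > App Store should be looked at directly.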

Although regular backups with Time Machine are usually helpful, KeRanger tried to encrypt Time Machine backup files to prevent users from recovering their data that way.

The best protection against ransomware is a versioned backup made to a destination that can be accessed only through the backup app, such as an Internet backup service like Backblaze. The beauty of such backups is that you can restore files from before the ransomware encrypted them. This is one reason we say that you should have your “data in three places, one of which is off-site.”

If you ever are infected with ransomware, don’t panic, and don’t pay the ransom right away. Contact us so we can help you work through your options, which might entail restoring from a backup or bringing files back from older cloud storage versions. There are even decryptors for some Windows ransomware packages, and such utilities might appear for hypothetical Mac ransomware as well.

There are plenty of things to worry about in this world. Happily, ransomware on your Mac isn’t one of them.