Patrick Wardle, a security researcher who publishes the tools he writes to secure his own Macs on a site called Objective-See, has developed a free tool with one simple goal: stopping OS X ransomware.
As Wardle puts it, "Unless you've been living under an 'infused rock', you are likely aware that ransomware is somewhat of a problem - to put it mildly". Heck, even the FBI is warning people to be cautious and has taken steps to neutralize some of the more significant ransomware scams.
Ransomware encrypts the files on your computer and then demands a ransom, typically for the key needed to decrypt them. Some variants go further: just before the ransom note appears, the malware takes a photo of the victim through the built-in webcam and displays it in the instructions.
If you have an OS X Time Machine backup, you can recover by restoring to a point before the infection, provided the backup volume was not itself connected and encrypted along with everything else. Without a backup, and without paying, say goodbye to your files; keep in mind, though, that there have also been reports of people paying and then getting no response from the attacker.
In June 2013, the FBI and private-sector partners disrupted a massive criminal botnet built on the Citadel malware, putting the brakes on Reveton's distribution. The following year, the FBI announced that, in conjunction with foreign law enforcement, it had seized CryptoLocker command-and-control servers.
The FBI provided tips to protect users:
- Always use antivirus software and a firewall. It is important to obtain and use antivirus software and firewalls from reputable companies. It is also important to continually maintain both of these through automatic updates.
- Enable popup blockers. Popups are regularly used by criminals to spread malicious software. To avoid accidental clicks on or within popups, it's best to prevent them from appearing in the first place.
- Always back up the content on your computer. If you back up, verify, and maintain offline copies of your personal and application data, ransomware scams will have limited impact on you. If you are targeted, instead of worrying about paying a ransom to get your data back, you can simply have your system wiped clean and then reload your files.
- Be skeptical. Don’t click on any emails or attachments you do not recognize and avoid suspicious websites altogether.
According to Wardle, there are already claims that 2016 is shaping up to be the year of ransomware; definitely not a Chinese Zodiac sign!
So now that I've got you all nervous, sucking your thumb in a closet and thinking of your special place, let's talk about Wardle's tool: RansomWhere?
In short, RansomWhere? attempts to stop ransomware by using math; I wish I had paid more attention in math class. It continuously monitors the OS X file system, looking for encrypted files (files whose contents have the statistical signature of ciphertext, such as near-maximal entropy) being created by suspicious processes, and when it spots one it suspends the offending process and asks the user whether to kill it or let it continue. To limit false positives from legitimate programs, RansomWhere? whitelists applications signed by Apple. The trade-off is that if an Apple-signed program has already been hijacked and is running injected code, its writes are trusted and the tool will not intervene.
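To make the "math" concrete, here is an added example (my own illustration, not Wardle's code) of the kind of entropy check and per-process counting such a tool relies on, run over constructed sample data. The thresholds, file paths, alert count, time window and the trust check (the `apple_signed` flag and the `baseline_apps` set) are all assumptions for illustration; real code-signature verification and file-system monitoring are left out. It also exercises the two edge cases mentioned above: a legitimate archiver that looks like an encryptor because compressed data is high-entropy too, and code running inside a whitelisted Apple-signed process, which the whitelist passes without inspection.

```python
from __future__ import annotations

import math
import random
import zlib
from collections import Counter, defaultdict, deque
from dataclasses import dataclass

# Illustrative thresholds chosen for this example; they are assumptions,
# not RansomWhere?'s actual parameters.
ENTROPY_THRESHOLD = 7.5   # bits per byte; uniformly random data approaches 8.0
MIN_SAMPLE = 256          # a byte histogram over fewer bytes says little
ALERT_AFTER = 3           # encrypted-looking files from one process inside the window
WINDOW_SECONDS = 5.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant file, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes) -> bool:
    """The 'math' step: a non-trivial sample with near-maximal entropy."""
    return len(data) >= MIN_SAMPLE and shannon_entropy(data) >= ENTROPY_THRESHOLD


@dataclass(frozen=True)
class WriteEvent:
    ts: float           # seconds, as reported by the file-system monitor
    pid: int
    process: str        # path of the writing binary
    apple_signed: bool  # assumed to come from a code-signature check on that binary
    path: str
    data: bytes         # contents written


class RansomwareMonitor:
    """Counts encrypted-looking file creations per untrusted process."""

    def __init__(self, baseline_apps: set[str]):
        self.baseline_apps = baseline_apps   # apps already present when the tool was installed
        self.history: dict[int, deque[float]] = defaultdict(deque)
        self.alerted: set[int] = set()

    def is_trusted(self, ev: WriteEvent) -> bool:
        # The whitelist: Apple-signed binaries and the install-time baseline.
        return ev.apple_signed or ev.process in self.baseline_apps

    def observe(self, ev: WriteEvent) -> str:
        """Classify one write as 'trusted', 'ignore', 'suspicious' or 'alert'."""
        if self.is_trusted(ev):
            return "trusted"          # never inspected, even if the process was hijacked
        if not looks_encrypted(ev.data):
            return "ignore"
        recent = self.history[ev.pid]
        recent.append(ev.ts)
        while recent and ev.ts - recent[0] > WINDOW_SECONDS:
            recent.popleft()          # forget writes older than the window
        if len(recent) >= ALERT_AFTER:
            self.alerted.add(ev.pid)  # a real tool would SIGSTOP the pid and prompt the user
            return "alert"
        return "suspicious"


# Constructed sample data for the example (not captured from real malware).
_rng = random.Random(2016)
_WORDS = ("the quick brown fox jumps over a lazy dog while an unsigned app quietly "
          "rewrites every document photo and spreadsheet it can reach on disk").split()
PLAINTEXT = " ".join(_rng.choice(_WORDS) for _ in range(5000)).encode()
CIPHERTEXT = bytes(_rng.getrandbits(8) for _ in range(4096))   # stands in for AES output
ARCHIVE = zlib.compress(PLAINTEXT, 9)                           # a legitimate compressed file


def demo() -> dict[str, list[str]]:
    # All paths below are hypothetical and chosen only for the example.
    mon = RansomwareMonitor(baseline_apps={"/Applications/InstalledEarlier.app/Contents/MacOS/InstalledEarlier"})
    dropper = "/Users/victim/Downloads/Invoice.app/Contents/MacOS/Invoice"    # untrusted download
    finder = "/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder"   # Apple-signed
    zipper = "/Applications/ThirdPartyZip.app/Contents/MacOS/ThirdPartyZip"    # not in baseline
    return {
        # Four rapid encrypted writes by an untrusted binary: the third crosses the threshold.
        "untrusted_encryptor": [
            mon.observe(WriteEvent(t, 4242, dropper, False, f"/Users/victim/Documents/doc{i}.locked", CIPHERTEXT))
            for i, t in enumerate((0.0, 0.4, 0.9, 1.3))
        ],
        # The same binary writing plain text is not interesting.
        "untrusted_plaintext": [mon.observe(WriteEvent(2.0, 4242, dropper, False, "/Users/victim/notes.txt", PLAINTEXT))],
        # Compression is high-entropy too: an unknown archiver looks like an encryptor (false positive).
        "unknown_archiver": [mon.observe(WriteEvent(3.0, 5150, zipper, False, "/Users/victim/photos.zip", ARCHIVE))],
        # Code injected into a trusted, Apple-signed process sails through the whitelist.
        "hijacked_apple_signed": [
            mon.observe(WriteEvent(t, 6000, finder, True, f"/Users/victim/Documents/doc{i}.locked", CIPHERTEXT))
            for i, t in enumerate((4.0, 4.2, 4.4, 4.6))
        ],
    }


if __name__ == "__main__":
    for scenario, verdicts in demo().items():
        print(f"{scenario:24s} {verdicts}")
```

Run it and the untrusted encryptor is flagged on its third encrypted write inside the window, the unknown archiver is flagged even though it is doing nothing wrong, and the hijacked Finder is never looked at: that is the false-positive versus injected-code trade-off the whitelist creates.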
Wardle acknowledges this: "Several design choices were consciously made -- to facilitate reliability, simplicity, and speed -- that may impact its protection capabilities. First, it is important to understand that the protections afforded by any security tool, if specifically targeted, can be bypassed. That is to say if a new piece of OS X ransomware was designed to specifically bypass RansomWhere? it would likely succeed."
The bottom line is that using a tool like RansomWhere?, together with offline backups, will make things a lot more difficult for criminals.