Ritual 666 Mac OS

  1. The Sevendust or 666 virus was introduced. This virus would erase all non-application files on the system. It was known as 666 because it would leave a file on your hard drive called 666 and it.
  2. The virus affected Mac OS 4.1 through 8.0. It was known as 666 because it would leave a file on your hard drive called 666 and it would only execute itself on the 6th hour of the 6th and 12th.

Thanks to Anna Szalay (SophosLabs), Xinran Wu (SophosLabs) and Paul Ducklin (Naked Security)
for contributing to this article.

We’ve been saying it for some time: Mac malware is rare compared to the stuff that targets Windows. But Apple computers are far from immune.

This year’s SophosLabs malware forecast included Mac malware geared towards harvesting data, providing covert remote access to thieves and holding files for ransom.

Other examples of Mac ransomware include OSX/Filecode-K and OSX/Filecode-L.

Now comes word of a new piece of Mac ransomware, which SophosLabs has identified as OSX/Ransom-A. Widely reported as an example of ransomware-as-a-service (RaaS) for Macs, it has become popularly known as MacRansom.

How it works

This ransomware is not in the wild. Those who want a sample must contact its creators through a secure ProtonMail email address. SophosLabs did obtain a sample and made the following observations:

When you first run the OSX/Ransom-A malware app, you won’t see any tell-tale popups asking for a password. The malware installs itself quietly to work under your own account, rather than as a system-wide program.

OSX/Ransom-A simply copies itself into a subdirectory called ~/Library/.FS_Storage, effectively allowing it to hide in plain sight. (The directory name ~/ is Unix shorthand for “your own home folder”, e.g. /Users/yourname/.)

The Library directory is used officially by macOS to store all sorts of configuration files in dozens of different subdirectories, making it an excellent place for malware to lie around looking innocent.

On macOS, which is Unix-based, files and directories that start with a dot don’t show up by default in directory listings or in the Mac Finder, so you might never notice the presence of the rogue .FS_Storage hidey-hole used by the malware.

Even if you do notice the malware directory, the name .FS_Storage gives it an official look – it was chosen because it looks similar to .DS_Store, an official macOS filename that you may well have noticed before.
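
One way to check for the hiding place described above, as an added example that is not part of the original article or any Sophos tooling: it lists runnable files inside dot-prefixed directories directly under ~/Library. The function names and the constructed sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Leading 4 bytes of Mach-O and universal ("fat") binaries, both byte orders.
MACHO_MAGICS = {bytes.fromhex(h) for h in (
    "feedface", "cefaedfe", "feedfacf", "cffaedfe", "cafebabe", "bebafeca")}

def classify(path):
    """Return 'mach-o', 'script' or 'exec-bit' for a runnable-looking file, else None."""
    try:
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            return None
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:
        return None  # unreadable or vanished: skip rather than abort the scan
    if head in MACHO_MAGICS:
        return "mach-o"
    if head.startswith(b"#!"):
        return "script"
    return "exec-bit" if st.st_mode & 0o111 else None

def scan_library(library_dir):
    """Return (hidden_dir, relative_path, reason) tuples for dot-directories such as .FS_Storage."""
    findings = []
    for entry in sorted(os.scandir(library_dir), key=lambda e: e.name):
        if not entry.name.startswith(".") or not entry.is_dir(follow_symlinks=False):
            continue  # .DS_Store is a file, not a directory, so it is skipped
        for root, _dirs, files in os.walk(entry.path):
            for name in sorted(files):
                full = os.path.join(root, name)
                reason = classify(full)
                if reason:
                    rel = os.path.relpath(full, entry.path)
                    findings.append((entry.name, rel, reason))
    return findings

def demo():
    """Scan a constructed tree: four magic bytes plus padding, not a real binary."""
    with tempfile.TemporaryDirectory() as lib:
        os.mkdir(os.path.join(lib, ".FS_Storage"))
        with open(os.path.join(lib, ".FS_Storage", "sample"), "wb") as fh:
            fh.write(bytes.fromhex("cffaedfe") + bytes(28))
        return scan_library(lib)

if __name__ == "__main__":
    lib = os.path.expanduser("~/Library")
    print(demo(), scan_library(lib) if os.path.isdir(lib) else [])
```

A hit is a lead to triage, not a verdict: legitimate software may also keep helper files in hidden directories, and the `cafebabe` magic is shared with Java class files.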

Once activated, OSX/Ransom-A follows the now-familiar pattern of encrypting your files and then offering to sell you back the decryption key you need to recover them.

Note that this malware goes after files by starting in the special directory /Volumes, which is where all your currently-attached hard disks show up, including Time Machine backup volumes, USB keys and other removable drives.

In other words, if you regularly leave your backup disks plugged in so that they are online all the time, you expose them to malware such as ransomware – which is why we routinely recommend keeping at least one recent backup copy not only offline, but also off-site, just in case.

Now what?

MacRansom is more evidence that hackers are working on ways to target Mac users with a variety of malware going forward.

Approach this as an awareness exercise.

As part of that, we offer the following resources:

  • Read our advice on avoiding ransomware. Your best defense against any sort of malware is not to get infected in the first place.
  • Listen to our podcast on dealing with ransomware. We explain what you need to know in plain English.
  • Make regular backups and keep at least one copy offline. Ransomware is only one of many sudden ways to lose your precious data.
  • Try our free Sophos Home product to protect your Mac. Anti-virus and web filtering is for everyone, not just for Windows.