LockBit ransomware group tests encryptors targeting Macs

According to some twitter threads published by cybersecurity researchers vx-underground and MalwareHunterTeam, the major ransomware operation LockBit has created encryptors specifically targeting MacOS for the first time.

"locker_Apple_M1_64": 3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79
As much as I can tell, this is the first Apple's Mac devices targeting build of LockBit ransomware sample seen...
Also is this a first for the "big name" gangs?
🤔@patrickwardle
cc @cyb3rops pic.twitter.com/SMuN3Rmodl

— MalwareHunterTeam (@malwrhunterteam) April 15, 2023

---

Lockbit ransomware group has created their first MacOS-based payload. We believe this is the first time a large ransomware threat group has developed a payload for Apple products.

We have samples.

Intel via @malwrhunterteam & @BrettCallow

Download: https://t.co/bMGJXWYvc3 pic.twitter.com/My9ZtAHCcq

— vx-underground (@vxunderground) April 16, 2023

These encryptors were discovered by cybersecurity researchers on Virustotal and include one called ‘locker_Apple_M1_64’, which targets newer Macs running Apple Silicon.

However, the encryptor appears to be a test and was not intended to be used in live cyber attacks. It is possible that more advanced and optimised encryptors for MacOS and other CPU architectures may appear in the future, so all computer users, including Mac owners, should practice good online security habits to protect themselves.

---

Indicators of Compromise

HASH
3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79
bf3ebc294870a6e743f021f4e18be75810149a1004b8d7c8a1e91f35562db3f5