Worried about Ransomware? If you’re on Mac OS X you’re safe – for now

Some good news has been released today for Mac OS X users who are worried about their PCs getting infected with ransomware: a security researcher has just developed a free security tool to keep your desktop safe.

Ransomware is a type of malware that infects your computer and essentially blocks certain functions or processes from occurring, rendering your PC essentially useless until you send a fee, or “ransom,” to the hackers who have infected your system.

The security tool, called RansomWhere?, was created by Patrick Wardle, the Director of Research and Development at Synack, a security firm. The tool works to detect encryption attempts by outside and unknown processes. It does this by monitoring users’ home directories and watching for encrypted files being created rapidly inside them, which is one of the giveaways that indicates ransomware activity.


When RansomWhere? detects this kind of activity, it identifies the process responsible for the file creation, suspends its ability to continue, and notifies the user of its findings. Then, it prompts the user to either continue with the file installation or terminate it.

In order to successfully detect instances of ransomware, RansomWhere? whitelists all applications signed by Apple, as well as the majority of apps already installed on the user’s Mac when RansomWhere? is first installed. This means that RansomWhere? needs to be installed on a Mac which has not previously been infected by ransomware, since ransomware already present could end up whitelisted along with the other installed apps.
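The detection idea described above (untrusted process, encrypted-looking files, created rapidly) can be sketched as follows. This is an added example, not RansomWhere?'s own code: the article does not say how the tool decides a file is encrypted, so Shannon entropy is used here as an assumed stand-in, and the thresholds, process names and event format are all constructed for illustration.

```python
import hashlib
import math
from collections import defaultdict, deque

ENTROPY_MIN = 7.5    # assumed cutoff (bits per byte) for "looks encrypted"
BURST_COUNT = 3      # assumed: this many encrypted-looking files ...
BURST_WINDOW = 5.0   # ... from one process within this many seconds

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for ciphertext, much lower for text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def detect(events, trusted):
    """Return untrusted processes that wrote a burst of encrypted-looking files."""
    recent = defaultdict(deque)   # process -> timestamps of suspicious writes
    flagged = []
    for ts, proc, _path, content in sorted(events, key=lambda e: e[0]):
        if proc in trusted or proc in flagged:
            continue              # allowlisted, or already suspended
        if shannon_entropy(content) < ENTROPY_MIN:
            continue              # ordinary document, not ciphertext-like
        window = recent[proc]
        window.append(ts)
        while ts - window[0] > BURST_WINDOW:
            window.popleft()      # forget writes outside the time window
        if len(window) >= BURST_COUNT:
            flagged.append(proc)  # a real tool would suspend and prompt here
    return flagged

def blob(seed: int) -> bytes:     # constructed stand-in for an encrypted file
    return b"".join(hashlib.sha256(bytes([seed, i])).digest() for i in range(128))

TEXT = b"meeting notes for tuesday\n" * 150
TRUSTED = {"Photos"}              # hypothetical allowlist entry
EVENTS = [                        # constructed sample events: (time, process, path, content)
    *[(t, "Photos", f"/Users/a/p{t}.bin", blob(t)) for t in (0, 1, 2)],
    *[(t, "notes_app", f"/Users/a/n{t}.txt", TEXT) for t in (0, 1, 2)],
    *[(t * 60, "backup_tool", f"/Users/a/b{t}.enc", blob(10 + t)) for t in (0, 1, 2)],
    *[(10 + t, "unknown_helper", f"/Users/a/d{t}.locked", blob(20 + t)) for t in (0, 1, 2)],
]

if __name__ == "__main__":
    print(detect(EVENTS, TRUSTED))
```

Only the process that is both outside the allowlist and writing high-entropy files in a tight burst is flagged; the allowlisted app, the text editor and the slow backup job are left alone, which also shows why an infection that is already allowlisted would go unnoticed.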

“RansomWhere? was designed to generically stop OS X ransomware,” Wardle said in a blog post on his website Objective-See. “However several design choices were consciously made — to facilitate reliability, simplicity, and speed — that may impact its protection capabilities. First, it is important to understand that the protections afforded by any security tool, if specifically targeted, can be bypassed. That is to say, if a new piece of OS X ransomware was designed to specifically bypass RansomWhere? it would likely succeed.”

“From a user’s point of view, it really sucks,” Wardle said in an interview with Business Insider on Wednesday. “Even if they’re [following] best security practices — they haven’t turned off Gatekeeper [Apple’s anti-virus software], they’re not downloading shady apps from random sites — they still would have gotten infected.”

This is good news for Mac OS X users, who may have been feeling some stress as ransomware hackers have begun to move from targeting only Windows PCs to a broader range of operating systems. There are already versions of ransomware which can infect Linux-based systems, so it’s only a matter of time before hackers begin spreading to Mac OS X systems as well.

As always, here at Corey’s Computing we’ll be publishing updates about viruses, ransomware, and other threats to your computer’s performance and security here on our blog, so make sure to check back soon.