URL: https://www.macworld.co.uk/how-to/ransomware-3659100/
CAN MACS GET RANSOMWARE AND HOW TO STOP A RANSOMWARE ATTACK


WORRIED ABOUT RANSOMWARE? WE RUN THROUGH EXAMPLES OF MAC RANSOMWARE, WHAT TO DO
IF YOU ARE AFFECTED, AND HOW TO PROTECT YOUR MAC

By Keir Thomas, Contributor | 23 Jun 20







CONTENTS

 * What is Ransomware?
 * How to protect a Mac from ransomware
 * Can Macs get ransomware?
 * How do I protect my iPhone or iPad from ransomware?
 * Can Macs get WannaCry?
 * Should I run an anti-virus app all the time?
 * Can Macs get Petya?

You might have heard about WannaCry, ransomware that crippled NHS computers back
in May 2017, and the Petya ransomware attack that came at the end of June 2017.
It's been a while since these high-profile cases that were only a danger to PC
users, but you might be wondering if, as a Mac user, you should be doing
anything to protect yourself from such threats, and how to fix things if you get
hit by ransomware.

Here's everything you need to know about detecting, avoiding and removing
ransomware on Macs.


WHAT IS RANSOMWARE?

Before we look at the cases of Ransomware on the Mac, we'll explain what
Ransomware actually is. It is a type of malware attack where your files are
encrypted against your wishes and a ransom demand tells you to pay a fee if you
want to get the files decrypted again.

As referenced above, Ransomware is a concern for Windows users, with WannaCry
and Petya being well-known examples on that platform, but is it something to
worry about if you use a Mac?



Well, if you use Windows on a Mac you should obviously be as cautious as you
would be if you were using Windows on a PC, but if you use macOS Apple has a
number of safety measures built in that should protect you, right?

Unfortunately even Macs have been affected by Ransomware attacks, although these
are very rare, as you will see if you read on.



This is one of several in-depth Macworld articles dealing with Mac security. If
you're looking for AV buying advice, read our roundup of the Best Mac
antivirus and Do Macs get viruses?; general advice can be found in our Mac
security tips; and those who think they have been hit by a virus should try How
to remove Mac viruses. We also have a full list of Mac viruses here.


CAN MACS GET RANSOMWARE?

Can Macs be infected with ransomware? Has there ever been a case of Mac
ransomware?

The answer is yes, but it's a very rare occurrence. There have been a handful of
Mac ransomware examples identified by security researchers to date, but not one
has led to serious outbreaks and few if any Macs have been affected. However,
the list makes interesting reading to learn how a future ransomware outbreak
might spread and how it might operate.


THIEFQUEST / EVILQUEST (JUNE/JULY 2020)

Malwarebytes highlighted that malicious code was spreading in pirated copies of
Little Snitch and other Mac programs on the Russian torrent forum Rutracker.

The program attempts to install itself in several places in the system and hides
behind names like "com.apple.questd" and "CrashReporter". If you install it on
your computer it will begin encrypting files before showing you a blackmail
message asking for $50 in bitcoin to decrypt the files. Read more about it here:
Mac ransomware could encrypt your Mac.

It's thought that the ransomware element of this malware might be only part of
its purpose - the malware seems to search for certain file types before sending
them to a central server before any files are encrypted.


FILECODER / FILEZIP / PATCHER (FEBRUARY 2017)

Security researchers find and identify Filezip ransomware masquerading as
"patcher" apps that can be downloaded from piracy sites. Patcher apps are
designed to illegally modify popular commercial software like Adobe Photoshop or
Microsoft Office so they can be used without purchase and/or a license code.

When the user attempts to use the patcher app, Filezip instead encrypts the
user's files and then places a "README!.txt", "DECRYPT.txt" or
"HOW_TO_DECRYPT.txt" file in each folder listing the ransom demands (0.25
BitCoin; around £335 at the time of writing in May 2017). Notably, like many
Windows-based examples of ransomware, Filezip is unable to actually decrypt any
files, so paying the ransom is pointless.




KERANGER (MARCH 2016)

Security researchers find and identify KeRanger ransomware within an authorised
update for the Transmission BitTorrent client. The first real example of Mac
ransomware, this time the ransomware creators have clearly made an effort to
create a genuine threat.

KeRanger is signed with an authorised security certificate, so isn't blocked by
the macOS Gatekeeper security system, for example. KeRanger encrypts files and
then leaves a README_FOR_DECRYPT.txt file in the directory, in which the ransom
demand is made (one BitCoin; around £1,338.62 at the time of writing in May
2017).

However, thanks to fast action by the researchers and also Apple, who
immediately revoke the security certificate, KeRanger is halted before it
becomes a serious threat. If both agencies hadn't been quite so quick off the
mark, however, it could've been a very different story.
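
The ransom-note file names quoted above for Filezip and KeRanger can be searched for directly. The script below is an added example, not part of the original article: it lists matching files under a folder and counts how many folders hold one. The function names and the three-folder threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the Macworld article): look for the ransom-note
# file names the article quotes for Filezip/Patcher and KeRanger.

# Print every file under $1 whose name matches one of the quoted note names.
find_ransom_notes() {
    find "$1" -type f \( \
        -name 'README!.txt' -o \
        -name 'DECRYPT.txt' -o \
        -name 'HOW_TO_DECRYPT.txt' -o \
        -name 'README_FOR_DECRYPT.txt' \
    \) 2>/dev/null
}

# Count the distinct folders that contain at least one note. Filezip drops a
# note in each folder it touches, so the folder count hints at the spread.
count_note_dirs() {
    find_ransom_notes "$1" | while IFS= read -r path; do
        dirname "$path"
    done | sort -u | wc -l | tr -d ' '
}

# Summarise a scan. The default threshold of 3 folders is an assumption
# chosen for this example, not a figure from the article: one stray
# DECRYPT.txt can be harmless, the same note repeated across folders is not.
assess_notes() {
    dirs=$(count_note_dirs "$1")
    if [ "$dirs" -eq 0 ]; then
        echo "clean"
    elif [ "$dirs" -lt "${2:-3}" ]; then
        echo "review"
    else
        echo "likely-ransomware"
    fi
}

# Run as: sh find_notes.sh "$HOME"
if [ "$#" -ge 1 ]; then
    find_ransom_notes "$1"
    echo "folders with notes: $(count_note_dirs "$1") -> $(assess_notes "$1")"
fi
```

A match on a name alone is only a prompt to look closer; a legitimate project can ship a file called DECRYPT.txt.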






GOPHER (SEPTEMBER 2015) AND MABOUIA (NOVEMBER 2015)

Two security researchers, working independently, separately create Gopher and
Mabouia, two examples of ransomware specifically targeted at Macs. However, both
are only proof-of-concept demonstrations, intended to show that fully fledged
ransomware on the Mac is entirely possible.

Aside from copies shared with security researchers for them to learn from,
neither ever leaves the researchers' computers, so cannot spread.


FILECODER (JUNE 2014)

Security researchers found and identified FileCoder via the VirusTotal
virus-scanning website, although by that point FileCoder was already old, having
been first detected by the site's malware scanner two years earlier.

Specifically targeting OS X/macOS, FileCoder is unfinished and not a threat, in
that it doesn't actually encrypt the user's data. It does display an app window
demanding a ransom of €30 (rather cheekily, this is discounted to €20 if a
credit card is used instead of PayPal or Western Union).

It's not known where FileCoder originated, or how it was intended to spread.




FBI SCAM (JULY 2013)

For over a decade, website-based ransomware has attempted to extort money from
gullible Windows users by "locking" the web browser to a purported law
enforcement website. This was always mere smoke and mirrors, however, and could
be overcome easily.

But in July 2013 security researchers discovered a similar scam specifically
targeting the Mac's Safari browser. The user was locked to a fake "FBI" webpage
via a dialog box that wouldn't let them leave the site, and a $300 "fine" was
demanded to unlock the system.

Quitting the browser was made impossible. If the user force-quit Safari, the
ransomware page simply reloaded itself next time Safari started.

Apple has since fixed Safari on both Mac and iPhone/iPad so that it's less easy
for browser-based ransomware like this to operate. However, you might still
encounter less virulent examples.




CAN MACS GET WANNACRY?

Put simply, no. WannaCry takes advantage of a bug in Microsoft Windows' network
file sharing system, a technology called SMB. Once WannaCry gets onto a single
computer on the network - usually because an individual opened a rogue email
attachment - it then uses a bug in SMB to inject itself into all other computers
on the network that haven't been patched.

Macs also use SMB as the default network file sharing technology, so you might
initially think Macs could be affected too. However, Apple uses its own bespoke
implementation of SMB. While this is fully compatible with Microsoft's version,
it doesn't suffer from the same bugs or security holes, so isn't affected by
WannaCry - or at least not in WannaCry's current manifestation.

The iPhone, iPad, Apple TV and even the Apple Watch don't use SMB file sharing,
so aren't even theoretically at risk from WannaCry.




CAN MACS GET PETYA?

Petya is another Ransomware attack, similar to WannaCry, that struck computers
in Europe and the US at the end of June 2017.

Petya hit some large firms, and like the earlier WannaCry ransomware attack that
affected the NHS in the UK, it spread rapidly to Windows computers on the same
network.

Computers are infected due to a vulnerability in Windows for which Microsoft has
released a patch.

Most of the antivirus companies have updated their software to protect against
Petya.

The Petya ransomware demands that $300 in Bitcoins be paid as the ransom in
order to regain access to the computer. However, the perpetrators are thought to
be amateurs as the ransom note gives the same Bitcoin address for every victim
and only one email address is provided for correspondence - which has of course
already been shut down.

The attack may have been targeted at the Ukrainian government rather than as a
means to make money.


HOW TO PROTECT A MAC FROM RANSOMWARE

Although at the time of writing there hasn't been a serious ransomware outbreak
on the Mac (or any Apple hardware), security researchers reckon it's a real
possibility.

Speaking on CNBC's 'Squawk Box' programme in the wake of the famous WannaCry
ransomware attack, Aleksandr Yampolskiy, CEO of SecurityScorecard, insisted that
Apple users are vulnerable to WannaCry-type attacks, even if that specific event
affected Windows systems only.

"It happens that this attack is targeting the Windows computers," he said. "But
Apple is absolutely vulnerable to similar types of attacks."

So, let's hypothetically assume you've been infected. What should you do?


STEP 1: DON'T PANIC

Take your time and avoid kneejerk reactions.


STEP 2: CLEAN UP

Use a malware scanner like the free Bitdefender Virus Scanner to search for the
ransomware and remove it.

It's unlikely you'll be the only person affected by the ransomware so keep an
eye on sites like Macworld to learn more about the nature of the ransomware
infection. You'll very likely find specific instructions on how to clean up the
infection, if a virus scanner isn't able to do so.

You might find that a security researcher has found a way to decrypt your files
for free, something that happened with the most recent example from the handful
of ransomware infections that have been identified on a Mac.


STEP 3: DON'T PAY

As you saw above when we examined the handful of existing ransomware outbreaks
affecting the Mac, there's a good chance paying up won't actually recover your
files!


STEP 4: UNPLUG AND DISCONNECT STORAGE

The one example of effective ransomware seen on a Mac so far - KeRanger - also
attempted to encrypt Time Machine backups, to try to make it impossible for the
user to simply restore files from a backup.

Therefore, upon discovering your Mac has been infected by ransomware you should
minimise the possibility of backups becoming encrypted too by immediately
unplugging any removable storage like external hard disks, and disconnecting
from any network shares by clicking the eject icon alongside their entries in
the sidebar of Finder.


STEP 5: INSTALL THE RANSOMWHERE? APP

Consider installing the RansomWhere? app. This free app runs in the background
and watches for any activity that resembles the rampant encrypting of files,
such as that which takes place during a ransomware attack. It then halts the
process and tells you what's happening. Okay, so some of your files may end up
being encrypted, but hopefully not very many.




STEP 6: FOLLOW BASIC PHISHING PROTECTION RULES

As with many examples of ransomware and malware, WannaCry initially infected
computer networks via a phishing attack. Never open an email attachment you
weren't expecting, even if it appears to come from somebody you know, and no
matter how important, interesting or scurrilous it appears to be.


STEP 7: DON'T USE DODGY SOFTWARE

The most recent Mac ransomware attempts to spread via "cracked" or patcher apps
designed to let you use commercial software for free. Therefore, avoid all dodgy
software like this.


STEP 8: ALWAYS ENSURE YOUR SYSTEM AND APPS ARE UPDATED

On a Mac you can configure automatic updates by opening the System Preferences
app, which you'll find in the Applications list of Finder, and selecting the App
Store icon. Then put a tick alongside Automatically Check for Updates, and put a
tick in all the boxes directly beneath this heading.


STEP 9: INSTALL ONLY FROM OFFICIAL WEBSITES

If you suddenly see a pop-up saying one of your browser plugins is out of date,
for example, then be sure only to update from the official webpage for that
plugin - such as Adobe's website if it's the Flash plugin. Never trust the link
provided in a pop-up window! Hackers make frequent use of such pop-ups and fake
websites to spread ransomware and other malware.


STEP 10: BACK UP FREQUENTLY, AND DISCONNECT

If you have a backup of your files then it matters less if ransomware strikes
because you can simply restore. However, the KeRanger ransomware outbreak
attempted to also encrypt Time Machine backups, so you might choose to use a
third-party app like Carbon Copy Cloner instead to back up your files. Read more:
How to back up a Mac

Just backing up your Mac isn't enough though. To be really safe you should also
disconnect your backup drive after the Mac has backed up; that way the drive
can't be encrypted in an attack.


HOW DO I PROTECT MY IPHONE OR IPAD FROM RANSOMWARE?

iOS devices like iPhones and iPads were built from the ground up to be much more
secure than Macs, and true ransomware via some kind of malware infection would
be extremely difficult to pull off. There certainly haven't been any examples so
far, or at least on iOS devices that haven't been jailbroken.

However, iPhones, iPads and even Macs are subject to iCloud hijacking, a type of
ransom attack whereby a hacker reuses passwords discovered through one of the
many large-scale security breaches in order to log into and take control of a
user's iCloud account. They then change the password and use the Find my iPhone
service to remotely lock the iOS device or Mac, sending the user demands for
ransom money in order to restore control.

Often they threaten to remote wipe the device or Mac in addition to this. The
first such attack of this nature was the Oleg Pliss attack back in 2014.



iCloud hijacking is easily thwarted by setting up two-factor authentication, and
you should do so now!

However, regardless of whether an actual ransomware infection is possible, it
certainly makes sense to ensure you keep your iPhone or iPad fully updated (read
How to update iOS on iPhone or iPad) so as to have the best possible protection
against any potential threat. When a new iOS update becomes available a
notification will appear alongside the Settings app, and you'll be able to
update by opening Settings then tapping General > Software Update. (Note that
there's no way to configure automatic system updates on iOS.)

Any app claiming to provide antivirus scanning for iOS devices is likely to be
dubious at best because all iOS apps are sandboxed, so are unable to scan the
system or other apps for malware.


SHOULD I RUN AN ANTI-VIRUS APP ALL THE TIME?

It might surprise you but Macs already have antimalware built in, courtesy of
Apple.

XProtect runs invisibly in the background and scans any files you download as
part of the standard file quarantining process. XProtect is updated regularly by
Apple with new malware definitions and you can see the frequency of updates by
following these steps:

 1. Open the System Information app by clicking Apple > About This Mac, then
    clicking the System Report button.
 2. Select the Software heading in the list at the left, and then the
    Installations heading beneath this.
 3. Click the Install Date column heading to sort the list by most recent and
    look for entries that read XProtectPlistConfigData.



XProtect was how Apple was able to defeat KeRanger, perhaps the most serious
Mac-based ransomware threat so far, before it had a chance to become endemic.
Additionally, the most recent Mac ransomware, Filezip, has been added to
XProtect too.

Combined with other built-in safeguards such as file quarantining and Gatekeeper
- both of which stop the user blithely running apps or opening docs they
download from strange websites - the Mac is better guarded against ransomware
than you might think.

However, there's certainly no harm in occasionally running an on-demand virus
scanner such as Bitdefender Virus Scanner, even if this may well find many false
positives in the form of Windows viruses in things like mail attachments.
Windows viruses are harmless for Mac users. Read about the best Mac antivirus
software here.

© Copyright 2021 IDG Communications Ltd. All Rights Reserved.