Company infected with Ryuk ransomware
Posted by: bazookaman
Date: October 09, 2019 05:03PM
Every computer in the company got it. Apparently that’s how it works. But MY question is, did it get my Mac? I have the only Mac in the company. They made an announcement over the intercom to shut down your computer but I was on a call. So I was happily working away while everyone’s computer was being encrypted. So I eventually shut down but I don’t want to boot it back up at home and spread it more. Totally ignorant here. So I’m doing this on my phone.

__________________________________
Never underestimate the predictability of stupidity
Re: Company infected with Ryuk ransomware
Posted by: btfc
Date: October 09, 2019 05:34PM
Here's a primer:

[blog.malwarebytes.com]
Re: Company infected with Ryuk ransomware
Posted by: Filliam H. Muffman
Date: October 09, 2019 05:37PM
I don't know for sure that this specific malware can encrypt the average Mac; the Malwarebytes page does not mention macOS. I haven't seen any information on the exact vector it uses and whether it was required to have been triggered by a Mac on the network. What specific version of the OS and browsers were you running?

One website I found implied there is a Norton tool to remove Ryuk from Macs, but it seems to be only a generic REFERRAL link to buy Norton Utilities. facepalm

Re: Company infected with Ryuk ransomware
Posted by: N-OS X-tasy!
Date: October 09, 2019 05:42PM
Here's a more general article about malware and Macs: [www.macworld.co.uk]

To answer your original question: It seems your Mac is most likely immune to the Ryuk malware. From the article linked below:

Like most other ransomware that targets the enterprise, Ryuk exploits Windows vulnerabilities. But unlike WannaCry, there isn’t one specific vulnerability that it always targets first, such as that notorious Windows SMB exploit. Ryuk’s cyber attackers will spend time mapping their targets’ networks and maliciously acquiring credentials. As Microsoft patches Windows and Cisco patches networking devices, the Ryuk team will probably find new vulnerabilities to exploit. And they do it all just for you!

[webcache.googleusercontent.com]

It is what it is.
Re: Company infected with Ryuk ransomware
Posted by: bazookaman
Date: October 09, 2019 05:59PM
Yeah. I read a bunch about it and came to the same conclusion re: the Mac. It was just super freaky today. Basically the entire company just shut down. Everyone's computer, the website. Everything. We were/are dead in the water. The new IT Manager is definitely earning his paycheck today/tonight.

Was thinking about getting a subscription to Sophos for the family computers. Now that I'm more paranoid than normal!

Re: Company infected with Ryuk ransomware
Posted by: jdc
Date: October 09, 2019 06:19PM
Quote
bazookaman
Was thinking about getting a subscription to Sophos for the family computers. Now that I'm more paranoid than normal!

Seems like a great idea if your family runs Windows.

----
Edited 999 time(s). Last edit at 12:08PM by jdc.
Re: Company infected with Ryuk ransomware
Posted by: Sarcany
Date: October 09, 2019 07:50PM
Macs can be immune, but still carriers via email or file-exchange.

Macs -- not just Mac servers -- that have file-sharing connections available to Windows machines on the same network can have their data encrypted by ransomware. One of our Mac servers had a folder encrypted by ransomware... and quickly restored via Time Machine backup.

Ryuk is often spread via spam or phishing emails. You could have it in a message in your Inbox right now.

Assuming that you WANT to get your Mac back online and get to work...

Discuss it with your IT guys if they aren't nuts at the moment. If they appear to be the slightest bit distracted, leave them alone and live with your Mac being offline.

If they're willing to spare a minute to talk, tell them that Macs are immune and offer to download an antivirus app (Sophos is fine) and an antimalware app (Malwarebytes) from a second Mac and copy it onto your work machine with the work Mac completely disconnected from the network (Ethernet and Wi-Fi), and see if they're willing to let you power it up on those terms.

...Until they give you the word, do not put the Mac back on the network. No Ethernet. No WiFi. It doesn't matter if your Mac is immune. It matters that this is a crisis and you shouldn't make trouble for the people putting out fires.

Re: Company infected with Ryuk ransomware
Posted by: bazookaman
Date: October 09, 2019 08:37PM
I powered it up at home and ran our corporate Malwarebytes on it before turning on Wi-Fi, and it found nada. We're pretty sure it was an employee who clicked an attachment or something along those lines. Our SysAdmin had just sent out an email earlier this week saying that we were being phished hard and to NOT click on anything. Apparently someone did.

Re: Company infected with Ryuk ransomware
Posted by: Speedy
Date: October 09, 2019 09:51PM
[nakedsecurity.sophos.com]

“We’ve been saying it for some time: Mac malware is rare compared to the stuff that targets Windows. But Apple computers are far from immune.

This year’s SophosLabs malware forecast included Mac malware geared towards harvesting data, providing covert remote access to thieves and holding files for ransom.

Other examples of Mac ransomware include OSX/Filecode-K and OSX/Filecode-L.

Now comes word of a new piece of Mac ransomware, which SophosLabs has identified as OSX/Ransom-A. Widely reported as an example of ransomware-as-a-service (RaaS) for Macs, it has become popularly known as MacRansom.

How it works

This ransomware is not in the wild. Those who want a sample must contact its creators through a secure ProtonMail email address. SophosLabs did obtain a sample and made the following observations:

When you first run the OSX/Ransom-A malware app, you won’t see any tell-tale popups asking for a password. The malware installs itself quietly to work under your own account, rather than as a system-wide program.”

Saint Cloud, Minnesota, where the weather is wonderful even when it isn't.
Re: Company infected with Ryuk ransomware
Posted by: Speedy
Date: October 09, 2019 09:53PM
[www.macworld.co.uk]

“Wondering how many viruses exist for the Mac? Here is a list of recent Mac malware attacks, viruses for Apple computers, and security threats that Mac users have suffered.”

Re: Company infected with Ryuk ransomware
Posted by: jdc
Date: October 10, 2019 03:31AM
Quote
Speedy
“We’ve been saying it for some time: Mac malware is rare compared to the stuff that targets Windows. But Apple computers are far from immune.

That's from 2017. But could have been written in any year -- 2016-1999 -- and 30 years later "rare" seems to be teetering on 0.

Re: Company infected with Ryuk ransomware
Posted by: Sarcany
Date: October 10, 2019 06:34AM
Quote
jdc
Quote
Speedy
“We’ve been saying it for some time: Mac malware is rare compared to the stuff that targets Windows. But Apple computers are far from immune.

That's from 2017. But could have been written in any year -- 2016-1999 -- and 30 years later "rare" seems to be teetering on 0.

I've cleaned Mac malware off of over a dozen computers this week. Some of it included pretty devious proxy settings and configuration profiles that could give bad guys nearly complete control over a Mac.

It seems to me that there's more Mac malware than ever and it's a very serious problem.

Re: Company infected with Ryuk ransomware
Posted by: jdc
Date: October 10, 2019 06:51AM
Quote
Sarcany
It seems to me that there's more Mac malware than ever and it's a very serious problem.

Can you share specifics? So we all know what to look for?

And how do you think they got these -- PEBCAK?

And what's your method for "cleaning"?

Re: Company infected with Ryuk ransomware
Posted by: JoeH
Date: October 10, 2019 10:15AM
Quote
jdc
And how do you think they got these -- PEBCAK?

That is how most malware is "got", PC or Mac - or other computing platforms.
Re: Company infected with Ryuk ransomware
Posted by: Sarcany
Date: October 10, 2019 06:48PM
Quote
jdc
Quote
Sarcany
It seems to me that there's more Mac malware than ever and it's a very serious problem.

can you share specifics? So we all know what to look for?

How can you tell that you have malicious software running on your Mac?

Problems loading secure web sites and connecting to Exchange servers. SOCKS proxy appearing in your advanced network settings and reappearing on every reboot after you remove the setting.

Profiles pref pane appears in your System Preferences. Might be normal if your computer is owned by a large company, but even then you should check to see how the profile is identified and whether it clearly indicates that it came from your IT dep't.

Your home page and/or search engine is not what you expect.

You get pop-up windows and ads for other websites when you hit a shopping website.

Safari reports that it can't load an insecure website for almost any URL you enter.

Your bank website won't let you log in.

You're running Google Chrome.

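One way to automate the SOCKS-proxy check from the post above, as an added example that is not from any poster: it parses the output of macOS's `networksetup -getsocksfirewallproxy` (the two sample outputs are constructed here) and, when run on a Mac, walks every network service looking for a proxy that should not be there. The function names and the `allowed_servers` parameter are assumptions of this example.

```python
import platform
import subprocess

# Constructed sample in the format `networksetup -getsocksfirewallproxy <service>` prints on macOS.
SAMPLE_CLEAN = """Enabled: No
Server:
Port: 0
Authenticated Proxy Enabled: 0
"""
# Constructed: a proxy quietly pointed at a local port, like the setting the post describes.
SAMPLE_SUSPECT = """Enabled: Yes
Server: 127.0.0.1
Port: 8080
Authenticated Proxy Enabled: 0
"""

def parse_socks_proxy(output):
    """Turn the 'key: value' lines of networksetup output into a dict."""
    fields = {}
    for line in output.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def socks_proxy_findings(output, allowed_servers=()):
    """Return finding strings; an empty list means this service looks clean.
    allowed_servers: proxy hosts your IT department legitimately uses (assumed none at home)."""
    fields = parse_socks_proxy(output)
    if fields.get("Enabled", "No").lower() != "yes":
        return []
    server = fields.get("Server") or "<empty>"
    if server in allowed_servers:
        return []
    return [f"SOCKS proxy enabled to unexpected server {server}:{fields.get('Port', '?')}"]

def check_all_services(allowed_servers=()):
    """On macOS, query every network service for a SOCKS proxy; elsewhere return None."""
    if platform.system() != "Darwin":
        return None
    listing = subprocess.run(["networksetup", "-listallnetworkservices"], capture_output=True, text=True, check=True).stdout
    findings = {}
    # First line is an explanatory header; a leading '*' marks a disabled service.
    for service in listing.splitlines()[1:]:
        name = service.lstrip("*").strip()
        out = subprocess.run(["networksetup", "-getsocksfirewallproxy", name], capture_output=True, text=True).stdout
        hits = socks_proxy_findings(out, allowed_servers)
        if hits:
            findings[name] = hits
    return findings
```

On a Mac, `check_all_services()` returns a dict keyed by service name; rerun it after a reboot to catch the "reappearing" behaviour the post mentions.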