LockBit ransomware is targeting Macs for the first time

Researchers spot a LockBit variant for Apple M1 chips

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

One of the most infamousransomwarestrains, LockBit, has reportedly been spotted infectingAppleMac devices for the first time, ever.

Cybersecurity researchers from the MalwareHunterTeamtweetedabout finding “locker_Apple_M1_64” - “the first Apple’s Mac devices targeting build of LockBit ransomware sample seen”. What’s more, the researchers believe this might be the first time a “big name” gang targeted a Mac.

While targeting M1-powered devices might make headlines,9To5Macalso says that a LockBit ransomware build is also “showing up for PowerPC Macs”, as well.

Popular ransomware service

LockBit is currently one of the most widely-used ransomware variants around today. Its creators are offering the locker as a service (Ransomware-as-a-Service, or RaaS), allowing different hacking groups to use the tool for a fee.

Among its more recent victims is the space exploration company, SpaceX. In mid-March, hackers said to have breached one of the company’s suppliers, and through them, obtained SpaceX’s sensitive data, including thousands of drawings certified by SpaceX engineers.

On one occasion, one of LockBit’s affiliates also targeted SickKids, the Hospital for Sick Children. SickKids is a major pediatric teaching hospital located on University Avenue in Toronto, Canada, and Affiliated with the Faculty of Medicine of the University of Toronto. The group was later excommunicated by LockBit’s creators, who also issued an apology and released a free decryptor.

Port of Lisbon hit by ransomware attack>Data breached at LA Housing Authority after ransomware attack>These are the best malware removal tools at the moment

The group was first discovered roughly three years ago, and is believed to be operating either out of the United States, or out of China. Most members of the groups are speaking Russian, however.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

So far, ransomware attacks were contained to mostly Windows devices, with an occasional expedition into Linux. The Apple ecosystem was mostly perceived as safe from ransomware, until now. Whether or not this LockBit variant motivates more threat actors to start targeting Macendpoints, remains to be seen.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Windows PCs targeted by new malware hitting a vulnerable driver

Dangerous Android banking malware looks to trick victims with fake money transfers

Latest Google Pixel update includes surprise launch of Android 15’s best battery feature