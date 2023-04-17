MalwareHunterTeam has discovered an archive that contains many new encryptors for LockBit ransomware , including one for Apple Macs.

One of the most significant ongoing ransomware operations, LockBit, now seems to be capable of conducting a ransomware attack on Mac computers as well. According to MalwareHunterTeam’s discovery of the LockBit encryptors archive on VirusTotal, they have a specific encryptor for Apple Mac devices named locker_Apple_M1_64.

New encryptors for different systems

The LockBit decryptors archive found by MalwareHunterTeam states that the archive was bundled on March 20, which is pretty recent. It has many encryptors for different systems, including ARM, SPARC, FreeBSD, MIPS, S390x, and PowerPC. In general, LockBit’s attacks focused on Windows, Linux, and VMware ESXi servers; it looks like the ransomware gang wants to expand its capabilities with new encryptors.

The new encryptors, however, look like they are in a testing process. Some of the encryptors have unrelated strings in their code, such as presence .dll and .exe file extensions in the file exclusion list of the Mac encryptor. Those signs suggest that the new encryptors are not ready for deployment.

Patrick Wardle, the founder of Objective-See Foundation, states that in its current state, the Mac encryptor will not be effective since they are not signed, and macOS has Transparency Consent and Control (TCC) and System Integrity Protection (SIP) capabilities, which the LockBit developers team will need a find to bypass them.