Ransomware is surely one of the most insidious forms of malware around. Locking down your files to force you into paying a ransom, it’s a nightmare you never want to experience. It’s also extremely lucrative for criminals, so it’s no surprise there’s been a dramatic increase in ransomware in recent times.
Mac users aren’t safe from ransomware either. There are enough Apple computers in the world to make them a target for cybercriminals too. Some Mac ransomware even has the ability to steal passwords and credit card numbers.
In the face of this growing problem, it’s important to know how to deal with ransomware. How can you stop your Mac from becoming infected, and what should you do if it happens to you?
Before we start:
Cybercriminals can hide malware, including ransomware, in booby-trapped files. In some cases, the malware won’t run until you attempt to open the file, so it’s a good idea to regularly scan your Mac for malware. You can do that easily with MacKeeper:
- Open MacKeeper, and select Antivirus from the sidebar.
- Click Start scan.
- If any malware is detected, select it, and click Move to quarantine.
That’s not all MacKeeper can do. It’s also great for optimizing your Mac and protecting your identity. Try it out now!
What is ransomware?
Let’s start with a definition. Ransomware is not a type of virus, but it is a form of malicious software, and it’s based on a simple concept. It blocks and encrypts data by invading a computer, preventing access to all your documents and photos. Your information stays on your device, but you can only restore access once you pay the ransom to the criminals behind it all.
In most cases, cybercriminals set a specific deadline for the victim to pay up. If victims don’t meet it, they risk permanently losing access to their data. There may be other threats as well, such as a date on which the scammers will publish your personal data or a statement of how they plan to use it to their advantage. However, you can’t rely on the integrity of cybercriminals. After all, even timely payment doesn’t provide you with any guarantees of getting your precious files back.
How to detect ransomware
There are several signs that your Mac may be infected by ransomware, some of which are more obvious than others. In extreme cases, your computer may be locked down completely, and you won’t be able to use it until the attack is removed, but this is fairly rare. More common symptoms include:
- Alerts from your antivirus or antimalware software that tell you an infection is detected
- Strange popups in your browser that say your files are being encrypted
- File extensions randomly change and you’re unable to open certain files
- Your Mac starts performing poorly and gets worse over time until frequent freezes occur.
If the strange behavior is only detected inside your web browser, it may be a scam website trying to fool you rather than an actual ransomware attack. Force quit the browser and then relaunch it without reopening any previous tabs, or try uninstalling and reinstalling your browser if necessary.
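The symptom listed above, files that stop opening or whose extensions change, can be checked across a whole folder. This Python script is an added example, not part of the original article or of any product it mentions: it flags files whose first bytes no longer match the signature their extension implies, and files with unfamiliar extensions whose content looks random, as encrypted data does. The names `check_file`, `scan` and `ENTROPY_LIMIT`, the short signature table and the 7.5 threshold are assumptions chosen for illustration.

```python
import math
import os
from collections import Counter

# Leading "magic" bytes that intact files of these common types start with.
MAGIC = {
    ".pdf": b"%PDF",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",
}
ENTROPY_LIMIT = 7.5  # bits per byte; assumed cut-off, encrypted data sits near 8.0


def entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def check_file(path: str, sample: int = 65536) -> str:
    """Return 'ok', 'bad-header' or 'unknown-high-entropy' for one file."""
    with open(path, "rb") as fh:
        head = fh.read(sample)
    ext = os.path.splitext(path)[1].lower()
    if ext in MAGIC:
        # Known type: an intact file must start with its signature.
        return "ok" if head.startswith(MAGIC[ext]) else "bad-header"
    # Unfamiliar extension (e.g. an appended suffix): random-looking bytes are suspect.
    return "unknown-high-entropy" if entropy(head) > ENTROPY_LIMIT else "ok"


def scan(root: str) -> dict:
    """Walk root and return {path: verdict} for every file that is not 'ok'."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                verdict = check_file(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            if verdict != "ok":
                findings[path] = verdict
    return findings
```

Run it as `scan(os.path.expanduser("~/Documents"))`. Compressed media and archives with extensions outside the table also score as high entropy, so the useful signal is many newly flagged documents at once, not a single hit.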
How to remove ransomware from Mac if you get infected
The best way to get rid of ransomware on Mac is to use a dedicated malware scanner to find and remove the malicious software. It’s unlikely you’ll be able to decrypt any files that have been encrypted, but if you have a recent backup of your data saved elsewhere, you can restore them.
We also recommend that you start ransomware removal as quickly as possible, once signs of an attack are detected. The faster you act, the greater your chances of saving some files. However, depending on the type of ransomware that has infected your machine, you may not be able to use it at all.
When you detect ransomware, you may be tempted to pay the hacker’s fee to fix your Mac and decrypt your data, but we strongly advise you to avoid it. Handing over your money tells attackers you’re an easy target, and even if you pay, there’s no guarantee your computer and files will be unlocked anyway.
Meanwhile, let’s now look at other ways to remove ransomware manually.
Run a virus scan
Assuming you’re able to boot into macOS and run apps, you can try using your security software to run a malware scan. This might be able to detect and remove the ransomware that’s plaguing your Mac. But there are no guarantees here: it’s in the interest of criminals to stop you from doing this, so you might find they’ve disabled or encrypted your security app too. You also need to be aware that this won’t decrypt your data. The malware may be gone, but your data will remain locked away.
Wipe your Mac
If you just want access to your Mac, and you’re not worried about getting back your data, it might be best to simply factory reset your Mac. Completely wipe your system drive and reinstall macOS. That way, you’ll end up with a clean version of the operating system, free of any Mac ransomware or other malware. Just be sure you don’t connect any infected external or secondary drives without clearing them out first. Otherwise, you might end up back at square one.
Restore from a backup

In a way, your backups can be the best ransomware protection your Mac can have. Whether you use Apple Time Machine for backups or a third-party app, you’ll be able to restore any data that has been encrypted by ransomware. However, there are some important issues to be aware of. Criminals can also infect and encrypt your backups, so you might find it’s impossible to restore your files that way. You should also be careful about connecting any external drives to your Mac if it’s infected with ransomware because it might spread.
Restore files from the cloud
Although it’s possible for hackers to infect your cloud files with ransomware too, you’re likely to find they haven’t been affected. So if ransomware has encrypted files on your Mac, you should be able to restore them from the cloud, if you’ve saved copies there. Just be sure that your Mac is clear of malware before you connect to your cloud accounts, either by running a virus scan or by factory resetting your system.
Run a ransomware decryption tool

It’s possible to decrypt your files without ever paying a penny to the hackers. The No More Ransom project offers a range of free ransomware removal tools for a variety of common ransomware threats. So far, it’s estimated these tools have saved victims more than a billion dollars, so it’s clear they can work. But it’s really a game of cat and mouse, and sometimes the criminals are ahead. By one estimate, nearly half of ransomware decryption tools don’t work effectively, so prevention, protection, and backups remain key weapons in the fight against Mac ransomware.
How to prevent ransomware and protect your Mac
To avoid ransomware, you really need to know how it can get on your Mac in the first place. A common route to infection is email. Hackers will either send you a booby-trapped attachment, or they’ll send a phishing email so they can trick you into giving up usernames and passwords. If you use any remote computing or cloud accounts, they can then log into these and infect your Mac from there.
You can also pick up ransomware from websites and downloads. Simply clicking on a rogue ad could infect your system too. And you can get ransomware from other computers on your network, including mobile phones. In fact, ransomware designed for macOS could end up on your Android phone, and it wouldn’t do anything to the phone. But as soon as you hook your phone up to your Wi-Fi, it can spread and infect your Mac.
On top of that, hackers may target poorly secured remote access services such as RDP (Remote Desktop Protocol) or VPN (Virtual Private Network) servers with vulnerabilities.
Bearing all of this in mind, here’s how you can avoid Apple ransomware.
Don't open email attachments from untrusted sources
As we’ve already mentioned, email is one of the key ways you can end up with ransomware on your Mac. If someone emails you a file attachment, and you’re not 100% sure of who they are or what they’re sending you, don’t open it. And be on the lookout for criminals impersonating people you know to try to trick you into opening their infected files.
Watch out for phishing scams

Your personal data has a real value not just to you but to criminals too. Phishing scams are designed to steal it from you by tricking you into giving it up. They might use fake login pages, quizzes, or other methods, but the result is always the same. With the right logins and personal data, hackers can get into your accounts and even remotely access your Mac, giving them the ability to install ransomware. So it’s a good idea to read up on common types of phishing attacks and how to avoid them.
Use two-factor authentication
With two-factor authentication (2FA), criminals can’t access your accounts, even if they have your username and password. They’ll also need access to your form of authentication, which is usually access to your phone. If you set up 2FA, you’ll get one-time passwords sent to your phone, which expire every minute or so. This can help keep criminals out of your accounts, giving them fewer ways to attack you and infect your Mac with ransomware.
Stay away from disreputable websites
Simply by visiting the wrong website, you can get infected with malware, including Mac ransomware. Other times, you might get infected through a file download or by clicking on a rogue ad. Although this can happen with any website if it’s been taken over by hackers, it’s far more likely on disreputable sites. So avoid adult content, piracy sites, or any other sites you don’t know you can trust. Also, don’t click on any pop-ups you see on these sites.
Keep your operating system and apps up to date

Hackers are constantly looking for weaknesses in software, which they can exploit. Responsible developers will stay on top of these, creating patches and updates to close these loopholes. It’s essential, therefore, that you install these updates for your apps and for macOS. If you don’t install updates, you’re potentially leaving the door open for malware to enter your Mac, including ransomware.
Install real-time malware protection

It’s important to run regular antivirus scans on your Mac so that you can detect and remove malware from your Mac. But that’s of little use if you’ve been infected with ransomware. If the ransomware locks you out completely, you won’t be able to run a scan. And if it just locks up your data, removing the ransomware is unlikely to unlock it. For these reasons, you should install security software that offers real-time protection, like MacKeeper. This means it will constantly keep an eye out for malware, preventing it from running and making changes to your Mac.
Remove ransomware virus and restore the files
The best and most effective way to get rid of ransomware is to use a dedicated malware remover, like MacKeeper’s Antivirus. Once the infection has been found and removed, you can then safely restore your files from a backup, replacing those that have been locked down by the attack.
We strongly recommend that you don’t pay the ransom fee in an effort to remove the ransomware from your Mac, since even if you do, it’s highly likely the infection will remain on your machine, and your files will stay encrypted. Don’t be tricked into handing over your money.