Ransomware is surely one of the most insidious forms of malware around. Locking down your files to force you into paying a ransom, it’s a nightmare you never want to experience. It’s also extremely lucrative for criminals, so it’s no surprise there’s been a dramatic increase in ransomware in recent times.
Mac users aren’t safe from ransomware either. There are enough Apple computers in the world to make them a target for cybercriminals too. Some Mac ransomware even has the ability to steal passwords and credit card numbers.
In the face of this growing problem, it’s important to know how to deal with ransomware. How can you stop your Mac from becoming infected, and what should you do if it happens to you?
Before we start
Cybercriminals can hide malware, including ransomware, in booby-trapped files. In some cases, the malware won’t run until you attempt to open the file, so it’s a good idea to regularly scan your Mac for malware. You can do that easily with MacKeeper.
- Open MacKeeper, and select Antivirus from the sidebar
- Click Start scan
- If any malware is detected, select it, and click Move to quarantine
That’s not all MacKeeper can do. It’s also great for optimizing your Mac and protecting your identity. Try it out now!
What is ransomware?
Let’s start with a definition. Ransomware is not a type of virus, but it is a form of malicious software, and it’s based on a simple concept. It blocks and encrypts data by invading a computer, preventing access to all your documents and photos. Your information stays on your device, but you can only restore access once you pay the ransom to the criminals behind it all.
In most cases, cybercriminals set a specific deadline for the victim to pay up. If victims don’t meet this, they then risk permanently losing access to their data. There may be other threats as well, such as the timing of when scammers are going to publish your personal data or how they plan to use it to their advantage. However, you can’t rely on the integrity of cybercriminals. After all, even timely payment doesn’t provide you with any guarantees of getting your precious files back.
How to avoid being infected with ransomware
To avoid ransomware, you really need to know how it can get on your Mac in the first place. A common route to infection is email. Hackers will either send you a booby-trapped attachment, or they’ll send a phishing email so they can trick you into giving up usernames and passwords. If you use any remote computing or cloud accounts, they can then log into these and infect your Mac from there.
You can also pick up ransomware from websites and downloads. Simply clicking on a rogue ad could infect your system too. And you can get ransomware from other computers on your network, including mobile phones. In fact, you could get ransomware on your Android phone designed for macOS, and it wouldn’t do anything to your phone. But as soon as you hook your phone up to your Wi-Fi, it can spread and infect your Mac.
On top of that, hackers may target poorly secured remote access services such as RDP (Remote Desktop Protocol) or VPN (Virtual Private Network) servers with vulnerabilities.
Bearing all of this in mind, here’s how you can avoid Apple ransomware.
Don't open email attachments from untrusted sources
As we’ve already mentioned, email is one of the key ways you can end up with ransomware on your Mac. If someone emails you a file attachment, and you’re not 100% of who they are or what they’re sending you, don’t open it. And be on the lookout for criminals impersonating people you know to try to trick you into opening their infected files.
Watch out for phishing scams
Your personal data has a real value not just to you but to criminals too. Phishing scams are designed to steal it from you by tricking you into giving it up. They might use fake login pages, quizzes, or other methods, but the result is always the same. With the right logins and personal data, hackers can get into your accounts and even remotely access your Mac, giving them the ability to install ransomware. So it’s a good idea to read up on common types of phishing attacks and how to avoid them.
Use two-factor authentication
With two-factor authentication (2FA), criminals can’t access your accounts, even if they have your username and password. They’ll also need access to your form of authentication, which is usually access to your phone. If you set up 2FA, you’ll get one-time passwords sent to your phone, which expire every minute or so. This can help keep criminals out of your accounts, giving them fewer ways to attack you and infect your Mac with ransomware.
Stay away from disreputable websites
Simply by visiting the wrong website, you can get infected with malware, including Mac ransomware. Other times, you might get infected through a file download or by clicking on a rogue ad. Although this can happen with any website, it’s far more likely on disreputable sites if it’s been taken over by hackers. So avoid adult content, piracy sites, or any other sites you don’t know you can trust. Also, don’t click on any pop-ups you see on these sites.
Keep your operating system and apps up to date
Hackers are constantly looking for weaknesses in software, which they can exploit. Responsible developers will stay on top of these, creating patches and updates to close these loopholes. It’s essential, therefore, that you install these updates for your apps and for macOS. If you don’t install updates, you’re potentially leaving the door open for malware to enter your Mac, including ransomware.
Install real-time malware protection
It’s important to run regular antivirus scans on your Mac so that you can detect and remove malware from your Mac. But that’s of little use if you’ve been infected with ransomware. If the ransomware locks you out completely, you won’t be able to run a scan. And if it just locks up your data, removing the ransomware is unlikely to unlock it. For these reasons, you should install security software that offers real-time protection, like MacKeeper. This means it will constantly keep an eye out for malware, preventing it from running and making changes to your Mac.
What to do if you get infected
If you do get ransomware on your Mac, you might think paying the ransom is worth it to get back your valuable data. Indeed, in some cases, that will work, and the criminals really will give you the encryption key you need to unlock the files they locked down.
But there are good reasons why most cybersecurity professionals and authorities don’t recommend paying ransoms or contacting the attackers. Firstly, it encourages them to keep doing what they’re doing. In fact, they might even attack you again, because they know you’re likely to pay up.
Secondly, and perhaps even more importantly, there are absolutely no guarantees they’ll unlock your data. They may not want to, or they may forget to provide you with the encryption key. In many cases, they don’t have the ability to unlock your data at all, even if they wanted to. This is particularly true with the rise of ransomware-as-a-service, where unskilled criminals buy ransomware programs from coders.
So if we eliminate paying the criminals to remove ransomware from your Mac, what can you do? You have a few options, which we’ll look at here.
Run a virus scan
Assuming you’re able to boot into macOS and run apps, you can try using your security software to run a malware scan. This might be able to detect and remove the ransomware that’s plaguing your Mac. But there are no guarantees here: it’s in the interest of criminals to stop you from doing this, so you might find they’ve disabled or encrypted your security app too. You also need to be aware that this won’t decrypt your data. The malware may be gone, but your data will remain locked away.
Wipe your Mac
If you just want access to your Mac, and you’re worried about getting back your data, it might be best to simply factory reset your Mac. Completely wipe your system drive and reinstall macOS That way, you’ll end up with a clean version of the operating system, free of any Mac ransomware or other malware. Just be sure you don’t connect any infected external or secondary drives without clearing them out first. Otherwise, you might end up back at square one.
Restore from a backup
In a way, your backups can be the best ransomware protection your Mac can have. Whether you use Apple Time Machine for backups or a third-party app, you’ll be able to restore any data that has been encrypted by ransomware. However, there are some important issues to be aware of. Criminals can also infect and encrypt your backups, so you might find it’s impossible to restore your files that way. You should also be careful about connecting any external drives to your Mac if it’s infected with ransomware because it might spread.
Restore files from the cloud
Although it’s possible for hackers to infect your cloud files with ransomware too, you’re likely to find they haven’t been affected. So if ransomware has encrypted files on your Mac, you should be able to restore them from the cloud, if you’ve saved copies there. Just be sure that your Mac is clear of malware before you connect to your cloud accounts, either by running a virus scan or by factory resetting your system.
Run a ransomware decryption tool
It’s possible to decrypt your files without ever paying a penny to the hackers. The No More Ransom project offers a range of free ransomware removal tools for a variety of common ransomware threats. So far, it’s estimated these tools have saved victims more than a billion dollars, so it’s clear they can work. But it’s really a game of a cat and mouse, and sometimes the criminals are ahead. By one estimate, nearly half of ransomware decryption tools don’t work effectively, so prevention, protection, and backups remain key weapons in the fight against Mac ransomware.