Previously limited almost exclusively to machines running Windows two new Ransomware variants have been detected that target Apple Mac users.
The first encrypts data and demands payment before files are released. This is similar to standard, the second is spyware that captures screenshots and keystrokes.
Both attacks are relatively new, and details on their origins are still sparse. Users are advised to keep regular backups of their data in case their devices are compromised and files are made inaccessible.
Both programs were uncovered by the security firms Fortinet and AlienVault, which found a portal on the Tor network.
Today security experts are warning of the continued spread of WCry and of numerous variants being released over the weekend.
Typical of Any Ransomware users should be vigilant with any emails that could be carrying a payload or be links to a payload. At this point Microsoft has not ruled out any attack vectors:
We haven’t found evidence of the exact initial entry vector used by this threat, but there are two scenarios we believe are highly possible for this ransomware family:
- Arrival through social engineering emails designed to trick users to run the malware and activate the worm-spreading functionality with the SMB exploit
- Infection through SMB exploit when an unpatched computer can be addressed in other infected machines
Microsoft has released a patch for Operating systems going as far back as XP:
Windows update MS17-010