The Dangers of macOS Ransomware: A Closer Look at KeRanger, FileCoder, MacRansom, and EvilQuest

Threat Level
Attack Report

Summary

macOS ransomware typically spreads through user-assisted methods, such as downloading and running fake or trojanized applications. It can also arrive as a second-stage payload dropped or downloaded by other malware, or as part of a supply chain attack. Once on a device, it typically follows a sequence of gaining access, executing, encrypting the victim's files, and then sending a ransom message. Known macOS ransomware families include KeRanger, FileCoder, MacRansom, and EvilQuest.