11-01-2013, 03:13 PM #1
Got Crypto Locker/Ransomware on your Mac?
I was simply looking for answers/questions to common healthcare interview questions. This one page took a bit to load, when a white page came up with a red field behind it. I had already done a lot of research on these types of viruses and had one friend who had it on his Windows machine, but never thought about it on the Mac. It was not possible to help him with most of his files, but the virus was removed.
My ransomware page had an FBI logo on the left corner, a field with my location and IP address, and statements about copyright and related rights, and illegal access from something. You can try quitting out of Safari, but a popup will block you from doing so. Forcing Safari to quit, or shutting your computer down manually, are two ways to close out of it.
To get this virus popup while doing such a simple search kind of worries me...I wasn't really thinking about viruses when looking for interview questions.
Getting a little freaked out, the first thing I did was unplug the ethernet from my Mac Pro, and disconnected the power cable (without worrying about turning it off properly), both at about the same time. Haven't really practiced this stuff, so I was just going on instinct I guess.
Then, I ran downstairs to unplug the network stuff. These ransomware viruses can actually travel from one device onto another if they share the same network.
I went back upstairs and took out 3 HDDs (BootCamp, TimeMachine, and Data files) and left in only the OS SSD.
Held the power button on for 15 seconds just for fun.
Turned the MP back on with the ethernet unplugged and network still off (just in case the wifi was on).
When you open up Safari, it might want to automatically take you back to the last website visited, which should be the ransomware's site, and since you have no network connection, it can't force popups on you. From here, you have to reset Safari. Might as well do everything just to be safe, is my motto.
Note: All this can be done with the computer connected to the internet, but doing it with no connection does not allow any interaction between the site and other devices you might have.
According to some further research, these viruses do not yet have any true sticking abilities on the Mac, thankfully. It can't embed itself and encrypt files the way it can on Windows machines. What it does prey on is that people will get freaked when they can't quit out of Safari, and see that it keeps going back to that site, enough that they will pay the ransom... when in reality, it's the lazy virus attempt on a Mac. It's no joke on a Windows machine, though.
Now I have something fun to tell during the interview. Wish me luck!

“If you are distressed by anything external, the pain is not due to the thing itself but to your own estimate of it; and this you have the power to revoke at any moment.” Marcus Aurelius
11-01-2013, 04:09 PM #2
This might be an interesting read if you want to learn about something that's truly scary. What's worth noting here about this one - OS X succumbed to this one just as badly as others. In fact, it even rooted itself in an OpenBSD install and if it can do it there, well, it's safe to say that this malware is pretty pernicious (for those that don't know, OpenBSD's primary focus is security and it has a reputation for being one of the most secure operating systems in use).