Blog Articles
Read MSP360’s latest news and expert articles about MSP business and technology
default featured image

Ransomware on Mac. Does It Exist?

Ransomware on Mac. Does It Exist?

One of the most annoying types of virus types nowadays is Ransomware – malicious software that locks files or a computer until its owner pays a ransom for decryption. Windows users do a lot of things to protect their files, but how about for Macs? Should Mac users be worried about such virus types? In this article, we are going to reveal the answer.

How Bad Is Ransomware?

PC users have to make regular backups, install antivirus software, use browsers with enhanced security and always keep an eye on everything they answer in their emails. All these actions are necessary because most viruses are written for Windows OS, due to its popularity among users. This type of malicious software typically integrates into operating systems on a low level, in order to have full access to any files on the hard drive.

The worst part here is that you will not necessarily get your files unencrypted after paying the ransom or, for example, the malefactor can require you to pay more.

Ransomware is at the peak of its popularity as many users simply don’t have the knowledge of how to deal with it. At MSP360, we performed a survey across a breadth of US-citizens to understand the current impact of ransomware, and the results are quite surprising. For example, most users will never pay a ransom, no matter what the price is. Those who would consider paying a ransom as an option, would not pay more than $300.


If you are interested in further details – take a look at our Ransomware Infographics.

Your computer can become infected through one of these ways:

  1. Open an attachment from an infected email.
  2. Get it with the help of malware, another kind of malicious software, which downloads ransomware onto the infected computer.
  3. Reading USB-sticks and other external media devices, which come from outside/untrusted sources.
  4. By accidentally downloading the infected file(s) when visiting a compromised website.
  5. The virus can breach your OS’ security system and install itself with no user interaction, this typically happens when you visit a compromised website.

Points 1-3 are impossible without the user, so you can simply avoid these threats by not doing as written in these pointers. Numbers 4-5 however, are more dangerous since they often use vulnerabilities in the OS of your computer. Is it real for Mac? Contrary to the common belief that “Macs are invulnerable to viruses and specifically ransomware”, this is not exactly true.

Ransomware on Mac

For a greater understanding as to whether your Mac is at risk, let’s take a closer look at usage scenarios. There are two popular ways of using Mac:

  1. Install the Windows system on bare metal. This means that you use a PC with “Mac hardware wrap”.
  2. Use of OS X natively, but launching Windows from inside a virtual machine from time to time. Windows is typically installed inside a special container, called a “virtual machine” (VM) and launched when necessary. This VM is often connected to the internal Mac network to be able to access the Internet.

Using Windows on bare metal is actually the same as using a regular Windows-PC, so you would need to install antivirus software, keep OS up-to-date and avoid undertaking unsafe actions, such as those from the previous chapter.

  New call-to-action

A more complex case is by using the native OS X and having Windows installed on a VM. If you omit further details, Windows can be run in a specially isolated sandbox and only need to be active when necessary to a user. If this VM doesn’t include important data, ransomware will have nothing important to encrypt. You can even disable its network connectivity, thus excluding any Internet treats for Windows OS – this further decreases the risk to Windows from getting infected.

But being an unpopular choice of OS amongst virus makers do not fully protect your Mac. McAfee reports that Mac malware grew 744% by the end of 2016. The likely reason for this huge growth is adware bundling, not ransomware for Mac. Adware just sticks banner ads to a user’s computer but does not affect his/her data.

You can also find reports about malware that crashes OS X by using built-in app vulnerabilities. For example, OSX/Filecoder was developed for OS X 10.11.x/10.12.x. Your Mac can become infected when searching for Adobe Premiere or Microsoft Office patches in torrent networks – it looks like a trivial patch archive with only the ‘Start’ button.

fter pressing the button, your Mac will be infected with ransomware and you will get lots of user files encrypted. Filecoder uses built-in OS X tools and commands, to support its activities and run from user context, so the system will not ask your permission about these changes. The encryption process is quite slow, but a lot of crucial user files are actually pretty small and can be encrypted relatively fast.

So, the security level of OS X is relatively high, but it can not completely protect you from all danger. Since this platform has encountered a rapid growth in popularity over recent years, virus makers increasingly pay attention to this OS too.

Mac Ransomware Protection

You can protect your Mac from ransomware (or lower its impact) by following pretty much the same recommendations as for Windows PC:

  • Do not use empty passwords for user login even if you are on “home user”. Blank passwords actually disable most of the built-in Mac protection tools. If you set the password, OS X will ask you to confirm any system-level change, thus decreasing the chance of silent ransomware Mac integration.
  • Enable “Gatekeeper” to restrict installation activities of non-trusted software. It uses a digital sign mechanism to detect whether the app publisher is trusted or not.
  • Create regular backups of all data you don’t want to lose and store these backups on an external drive or on a Cloud. You can even create a hybrid backup structure by using an external storage device for regular data copy and using cloud storage for sensitive data.
  • Don’t install dodgy software that installs a lot of suspicious tools together with the application in which you are interested in. You can avoid such risk by reading user reviews on the desired app.
  • Always install system security updates as OS X notify you. Apple creates security patches for every major security breach, so do not ignore them.
  • Install antivirus software on Mac. It is an obvious step, but we often put it at the end of the list; antiviruses for the OS X market are now growing although threat levels are rather low in general when compared with the world of Windows.


If you run Windows as the main OS on Mac and keep all important data inside – you are at risk as much as other Windows users. So pay strong attention to keeping Windows up-to-date, having efficient antivirus software, and creating backups for all important files. Remember that it is important to store these backups separate from your computer (external hard drive/cloud) so that ransomware could not encrypt them too.

If you run Mac natively with OS X and sometimes use Windows to work with platform-specific software, the risk of infection with ransomware on Mac is rather low, but it is still necessary to have your data backed up. Learn how to back up Mac in our separate article.

MSP360 Backup for macOS
  • Full and incremental backup
  • Cloud and local storage options
  • Encryption and compression
New call-to-action
MSP360 Backup for macOS icon