Free OS X Security Apps


10 replies to this topic

#1 DirtyHarry50

    Special Snowflake

  • Members
  • 1553 posts
  • Steam Name:DirtyHarry
  • Steam ID:dirtyharry2
  • Location:North Carolina, USA

Posted 21 April 2016 - 06:57 PM

I was reading about a free utility to help prevent encryption ransomware from taking hold of an OS X system. The app is called, "RansomWhere?" and while the author is the first to point out its limitations it may for the time being block some attempts. It turns out the guy has made some other utilities freely available so in case any of this is of interest here's a link to the page where you can get them if desired:

https://objective-se...m/products.html

The guy releasing these works for an enterprise-level security company and there's some info about him, etc. as well on his site.
“The time you enjoy wasting is not wasted time.” — Bertrand Russell

#2 the Battle Cat

    Carnage Served Raw

  • Admin
  • 17420 posts
  • Location:Citadel City, Lh'owon
  • Pro Member:Yes

Posted 24 April 2016 - 07:13 PM

I never heard of ransomware. Is that actually a problem?
Gary Simmons
the Battle Cat

#3 Thain Esh Kelch

    Admin

  • Members
  • 3802 posts
  • Steam ID:thaineshkelch
  • Location:Denmark

Posted 24 April 2016 - 11:19 PM

the Battle Cat, on 24 April 2016 - 07:13 PM, said:

I never heard of ransomware. Is that actually a problem?
Oh yeah. It is starting to become the most popular form of scamming, since it is so efficient when it actually hits.

I would be surprised if Apple doesn't have something coming out against it sometime soon, as I don't see any use cases where systemwide or userwide file encryption would be something you'd ever want, short of using FileVault.
"They're everywhere!" -And now, time for some Legend of Zelda.

iMac 2011, quad 3,4Ghz i7, 1TB Samsung EVO 840, 8GB RAM, 2GB Radeon 6970m. + 2016 Macbook m3 + iPad 2 64GB + iPhone 4S 64GB + Girlfriend + Daughter

#4 the Battle Cat

    Carnage Served Raw

  • Admin
  • 17420 posts
  • Location:Citadel City, Lh'owon
  • Pro Member:Yes

Posted 25 April 2016 - 09:02 AM

OK thanks. I guess I should run it until Intego gets their act together and includes it in their virus software.

#5 Sneaky Snake

    Official Mascot of the 1988 Winter Olympics

  • IMG Writers
  • 3299 posts
  • Steam Name:SneakySnake
  • Steam ID:sneaky_snake
  • Location:Waterloo, Canada

Posted 26 April 2016 - 08:31 AM

MalwareBytes has anti-ransomware support in beta for their business security suite software. Not sure about Mac support.

Ransomware is a HUGE problem, especially in the professional world. I'm part of a company that does IT consulting for a wide range of businesses in Southern Ontario and I would say we have about 1 client per week that gets hit with it. You have to immediately take the infected computer offline, salvage what you can, and then completely wipe it and re-install the OS. You then have to scan the entire network for any other machines that might have been affected. In a network that was set up properly, the infection will be quarantined to just the 1 machine, but so many clients don't want to pay the money for a properly set up network. When ransomware hits it can take down every single computer on their network, destroy years' worth of business files, and prevent any business from happening for days/weeks while it is cleaned up. I've heard of companies going bankrupt simply due to ransomware hits.

On my personal/work machines, I'm not too worried about getting it. Worst case scenario I can just nuke my machine and use my backup laptop for a few days. The best defense is to have all your data backed up regularly. That way the ransomware has no power over you.

Ransomware: "We will encrypt and delete all your data! Fear me! Pay me money!"
Me: "Cool story. I'm going to nuke the machine that you are on. I will just use yesterday's backup. You are nothing but a minor annoyance."
2015 13" rMBP: i5 5257U @ 2.7 GHz || Intel Iris 6100 || 8 GB LPDDR3 1866 || 256 GB SSD || macOS Sierra
Gaming Build: R5 1600 @ 3.9 GHz || Asus GTX 1070 8 GB || 16 GB DDR4 3000 || 960 Evo NVMe, 1 TB FireCuda || Win10 Pro
Other: Dell OptiPlex 3040 as VMware host || QNAP TS-228 NAS || iPhone 6S 64GB

#6 DirtyHarry50

    Special Snowflake

  • Members
  • 1553 posts
  • Steam Name:DirtyHarry
  • Steam ID:dirtyharry2
  • Location:North Carolina, USA

Posted 26 April 2016 - 08:53 AM

The problem I see there is that newer variants are now also capable of encrypting attached backup drives, and in some cases already have at this point. So unless one likes unplugging their backup constantly, the risk is not mitigated by a local backup. Come to think of it, I don't know how even unplugging your backup can save you reliably, aside from improving your odds. If you meant to the cloud, I can see that being safe for the time being, given they'd need to also access that account, etc., which goes well beyond the scope of the far easier means of extortion they are employing now, comparatively speaking.

A little while ago I read an article about this that featured a very sad story of an individual user, a woman who was hit with this and was not a tech savvy person at all. She relied on her daughter to help her with various problems on her computer when they arose. Somehow, her system was infected and she had to pay hundreds of dollars to get access to stuff precious to her, like family photos. I felt so sorry for her. She paid it and they unlocked her files but it is just really mean to hurt somebody innocent like that.

The point of retelling that little story is that while it seems to still be rare for home users, thank goodness, it is happening even there. Worst of all, a lot of such persons still do not know enough to back up their data, or fail to do it often enough, etc., as was the case in this story. But even if she had, if the version hitting her went for her backup drive, it would not have helped her anyway.

About the best a home user can do is practice safe surfing habits and use whatever is available to try to defend against this. It will be nice when Apple releases something to defend against this. I hope it comes sooner than later.

By the way, just as an interesting aside, when I ran Malwarebytes here after installing the above defensive utility, it popped up an alarm indicating Malwarebytes was rapidly encrypting files. I got this quite a while ago directly from their site so I know it is fine and I went ahead and whitelisted it. I was a little surprised the developer hadn't already run into this and done so themselves by now. I suspect Malwarebytes is probably doing something with encryption related to its signature files or something and it is just a benign false-positive.
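The alarm described in the post above (a utility flagging a process that is rapidly writing encrypted-looking files, and whitelisting a known-good process to silence the false positive) is a detection heuristic worth seeing in code. The following is an added example, not RansomWhere?'s or Malwarebytes' own code: it scores each file write by Shannon entropy, counts high-entropy writes per process inside a sliding time window, and suppresses any process on an allowlist. The process names, thresholds and the replayed write events are constructed for the demonstration and are not taken from the thread.

```python
import math
import random
from collections import defaultdict, deque

# Constructed thresholds for the demonstration; a real tool would tune these.
ENTROPY_THRESHOLD = 7.5   # bits per byte; encrypted or compressed data sits near 8.0
WINDOW_SECONDS = 10.0     # sliding window over which writes are counted
BURST_COUNT = 5           # high-entropy writes inside the window that trigger an alert


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte. Plain text scores around 4-5, ciphertext near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


class RapidEncryptionDetector:
    """Flags a process that writes many high-entropy files in a short time,
    unless the process is on the allowlist (the post's 'whitelist' step)."""

    def __init__(self, allowlist=(), threshold=ENTROPY_THRESHOLD,
                 window=WINDOW_SECONDS, burst=BURST_COUNT):
        self.allowlist = set(allowlist)
        self.threshold = threshold
        self.window = window
        self.burst = burst
        self.events = defaultdict(deque)   # process -> timestamps of high-entropy writes
        self.alerted = set()               # processes already reported once

    def observe(self, process: str, data: bytes, ts: float) -> bool:
        """Record one file write; True the first time `process` crosses the burst threshold."""
        if process in self.allowlist:
            return False
        if shannon_entropy(data) < self.threshold:
            return False
        q = self.events[process]
        q.append(ts)
        while q and ts - q[0] > self.window:   # drop writes that fell out of the window
            q.popleft()
        if len(q) >= self.burst and process not in self.alerted:
            self.alerted.add(process)
            return True
        return False


def _random_bytes(rng: random.Random, n: int) -> bytes:
    """Deterministic stand-in for ciphertext (constructed sample data)."""
    return bytes(rng.getrandbits(8) for _ in range(n))


def run_demo():
    """Replay constructed write events and return the (process, timestamp) alerts raised."""
    rng = random.Random(7)
    det = RapidEncryptionDetector(allowlist={"Malwarebytes"})
    alerts = []

    # 1. A text editor saving plain text repeatedly: low entropy, never flagged.
    text = b"The time you enjoy wasting is not wasted time. " * 100
    for i in range(10):
        if det.observe("TextEdit", text, 50.0 + i):
            alerts.append(("TextEdit", 50.0 + i))

    # 2. An allowlisted scanner that happens to write high-entropy files: suppressed.
    for i in range(8):
        if det.observe("Malwarebytes", _random_bytes(rng, 4096), 80.0 + i):
            alerts.append(("Malwarebytes", 80.0 + i))

    # 3. A simulated encryptor overwriting six files in 2.5 seconds: flagged on the fifth write.
    for i in range(6):
        ts = 100.0 + 0.5 * i
        if det.observe("ransom-sim", _random_bytes(rng, 4096), ts):
            alerts.append(("ransom-sim", ts))

    # 4. A single archive written by a compressor: high entropy but no burst, not flagged.
    if det.observe("zip", _random_bytes(rng, 4096), 130.0):
        alerts.append(("zip", 130.0))

    return alerts


if __name__ == "__main__":
    for process, ts in run_demo():
        print(f"ALERT t={ts}: {process} is rapidly writing encrypted-looking files")
```

The allowlist is what makes the heuristic usable: a scanner updating its own encrypted signature files, a backup tool or an archiver all produce the same high-entropy writes as an encryptor, so the detector can only separate them by burst rate and by an operator-maintained list of trusted processes, which is exactly the judgement call the post describes.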

#7 Matt Diamond

    Master Blaster

  • IMG Writers
  • 2460 posts
  • Location:Holland, PA; US
  • Pro Member:Yes

Posted 26 April 2016 - 08:22 PM

I've even heard of hospitals getting hit with ransomware.

You'd think certain targets are off limits-- most people need a hospital at some point in their lives. But that's how amoral these bastards are. (In MY day, the criminals were moral! Oh wait, I guess that can't be true.)
Matt Diamond - www.mindthecube.com
Measure twice, cut once, curse three or four times.

#8 DirtyHarry50

    Special Snowflake

  • Members
  • 1553 posts
  • Steam Name:DirtyHarry
  • Steam ID:dirtyharry2
  • Location:North Carolina, USA

Posted 27 April 2016 - 05:55 AM

Matt Diamond, on 26 April 2016 - 08:22 PM, said:

I've even heard of hospitals getting hit with ransomware.

You'd think certain targets are off limits-- most people need a hospital at some point in their lives. But that's how amoral these bastards are. (In MY day, the criminals were moral! Oh wait, I guess that can't be true.)

Well, it is interesting that there is a certain code of conduct among criminals most especially regarding violent criminals but it's such a negative subject I'm not going to get into it here. It's just worth mentioning they really do make various distinctions about what is okay and what is not okay. Unfortunately though, that doesn't stop those who are into doing what's not okay anyway. It only results in the other criminals having it in for them as well as law enforcement.

People can and do justify anything that suits them and they are often just fine with it once that mental bridge is crossed. In the hospital example it would be easy for some persons to decide that for-profit hospitals are evil, do not take proper care of patients due to their profit motive and therefore it is just fine to extort money from them as the bringer of righteous punishment. This is a very convenient way to view something like this. One goes from being a thief to being a hero in their own mind, all the while stealing money and also adversely affecting patient care despite their self-appointed crusader status.

By the way, I also read one story where the ransomware folks felt sorry for somebody and gave them a 50% discount on the second extortion payment. So there are some sweet guys out there, in their own twisted minds. It's too bad, if they had just a shred or two more of decency in them they might do it at all but I guess not.

#9 macdude22

    Like, totally awesome.

  • Forum Moderators
  • 2039 posts
  • Steam Name:Rakden
  • Location:Iowa
  • Pro Member:Yes

Posted 27 April 2016 - 06:06 AM

I can speak with complete aplomb that you should have little confidence in most hospitals' IT departments' ability/willingness to properly isolate, secure, and back up organizational data.
IMG Discord Server | http://raptr.com/rakden | http://www.trueachie....com/Rakden.htm
Enterprise (MacPro 3,1): 8 Xeon Cores @ 2.8 GHz || 14 GB RAM || Radeon 4870 || 480GB Crucial M500 + 2TB WD Black (Fusion Drive) || 144hz Asus Mon
Defiant (MacBookPro 9,1): Core i7 @ 2.3ghz || 8GB RAM || nVidia GT 650M 512MB || 512GB Toshiba SSD

#10 Sneaky Snake

    Official Mascot of the 1988 Winter Olympics

  • IMG Writers
  • 3299 posts
  • Steam Name:SneakySnake
  • Steam ID:sneaky_snake
  • Location:Waterloo, Canada

Posted 27 April 2016 - 06:27 AM

DirtyHarry50, on 26 April 2016 - 08:53 AM, said:

The problem I see there is that newer variants are now also capable of encrypting attached backup drives, and in some cases already have at this point. So unless one likes unplugging their backup constantly, the risk is not mitigated by a local backup. Come to think of it, I don't know how even unplugging your backup can save you reliably, aside from improving your odds. If you meant to the cloud, I can see that being safe for the time being, given they'd need to also access that account, etc., which goes well beyond the scope of the far easier means of extortion they are employing now, comparatively speaking.

Just don't give your machine admin rights to the network drives. Problem solved.

#11 macdude22

    Like, totally awesome.

  • Forum Moderators
  • 2039 posts
  • Steam Name:Rakden
  • Location:Iowa
  • Pro Member:Yes

Posted 27 April 2016 - 06:56 AM

If you don't have 2 backups, one off site, you don't have backups. That's my motto. It decidedly is not the motto of my employer. *shrug*

I got my bi-yearly off site backups stored at the bunker (aka mom's)