New Mac Ransomware Found in Pirated Mac Apps By MacRumors

Did y’all see this article?

I hope nobody is using pirated software.


Note to self: Don’t download pirated software from a Russian forum…it might contain a virus. Haha.


One of the people who found it, Patrick Wardle, has had a free utility out for a couple of years that protects against ransomware like the one found here. The RansomWhere? utility notes when an app or process starts encrypting files, stops the process, sends up a warning window, and lets you allow or terminate the process. If it is ransomware the process will only be able to lock a couple of files before the utility stops it.

A few hours after I first installed it I got a warning about bzserv - which is BackBlaze’s background process, so I permitted it to continue. And that’s it - it just sits in the background and watches for files being encrypted.

Wardle’s day job is principal security researcher @ Jamf, but he has a side-gig offering free Mac security tools, and he runs a Mac-oriented security conference too. He’s a former NSA programmer and by all appearances seems to know his stuff.

Wardle writes about the new malware here:




That’s a great name for an app.

The Objective-See apps are free and extremely powerful.


Now we’re getting serious about things. Interesting times ahead 🙂

I downloaded ransomwhere. Thanks for the suggestion. I had actually seen some of his other free security tools. I’m glad he’s one of the good guys.

We want to be a place where all listeners feel safe to share and connect. I’m not sure we needed a Trump joke in a thread about bad Mac apps, though.


You get what you pay for 🤪

This is very interesting, @bowline. Is RansomWhere? a bit of a resource hog or does it do its job quietly?

Political stuff is the best way to ruin this board…
Delete it!


It comes at #18 on my processes using RAM, just below Dropbox and Default Folder X.


You won’t ever know that it’s running, but it will occasionally flag as “false positive” so don’t be too unnerved when that happens.

It’s looking for “potentially suspicious behavior” and when it sees any, it will stop it immediately, erring on the side of caution. It will tell you the app that it suspects, and as long as you recognize the app, you’re probably fine.
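
Added example, not part of the thread and not RansomWhere?'s own code: a sketch of the behavior the posts above describe (notice a process writing encrypted-looking files, pause it after a few, and let the user allow it, as with the bzserv false positive). The entropy heuristic, both thresholds, all class and function names, and the sample data are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off for "looks encrypted"
FILE_LIMIT = 3           # assumed number of encrypted-looking writes before pausing

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8 for ciphertext, about 4 to 5 for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

class EncryptionWatcher:
    """Counts encrypted-looking writes per process and suspends repeat offenders."""
    def __init__(self):
        self.allowed = set()          # processes the user has approved
        self.hits = defaultdict(int)  # encrypted-looking writes seen per process
        self.suspended = set()        # processes paused, awaiting a user decision

    def observe(self, process: str, data: bytes) -> str:
        """Return 'allow', 'watch' or 'suspend' for one file write by a process."""
        if process in self.allowed:
            return "allow"
        if process in self.suspended:
            return "suspend"
        if shannon_entropy(data) >= ENTROPY_THRESHOLD:
            self.hits[process] += 1
            if self.hits[process] >= FILE_LIMIT:
                self.suspended.add(process)
                return "suspend"
            return "watch"
        return "allow"

    def user_allows(self, process: str) -> None:
        """The 'allow' choice in the warning: resume the process, stop flagging it."""
        self.suspended.discard(process)
        self.allowed.add(process)

# Constructed sample data: a deterministic pseudo-random blob stands in for an
# encrypted file, and repeated English text stands in for an ordinary document.
CIPHERTEXT = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
PLAINTEXT = b"Meeting notes: renew the backup subscription next week.\n" * 70

def replay(watcher, events):
    """Feed (process, data) write events to the watcher and collect its verdicts."""
    return [watcher.observe(proc, data) for proc, data in events]
```

A backup client that encrypts before upload trips the same rule as ransomware, so the allow decision is what separates the two; an unrecognized process stays suspended after its third encrypted-looking write.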


Which is pretty much exactly what you want in a case like this. A little excess caution is good.

And since macOS Catalina has likely conditioned us to deal with tons of pop-ups, a few extra won’t be a bother at all. 😉


We’ve had a couple flags in here, and rightfully so. We can talk about tech, and politics will cross over with that sometimes, but bringing those topics in out of the blue is not something we want to see. Especially after I published a warning.

As such, I’ve removed a couple of posts from the thread.


Thank you. This is an awesome forum and you guys are doing a great job maintaining it.