Protecting Your Mac Against Ransomware

The recent dangerous WannaCry ransomeware attack should be a wake-up call to all computer users to keep their machines updated. While this malware does not affect Macs, that may not be true of future attacks. Keeping the operating system up-to-date would have protected victims of WannaCry. Please keep your Mac OS and apps updated, don't download software from sites you don't trust, and keep a good backup.

Video Transcript
Hi, this is Gary with MacMost.com. Let's talk a little about the recent ransomware attacks around the world. A few of you have asked me about these. Basically this is an attack on computers and systems around the world that infected some Windows computers when people clicked on links, downloaded some things that they shouldn't have. It's been dubbed 'WannaCry'. It's been particularly effective and gotten a lot of news because not only does it infect the computer where somebody maybe installed something that they shouldn't have but its also infected other computers on the same local network.

But the important thing to know about 'WannaCry' for Mac users is that it targets Microsoft windows. So it's not a threat to Mac computers. Now that doesn't mean that you shouldn't be concerned about ransomware. It's just this particular attack called 'WannaCry' doesn't effect Macs.

But there's important lessons for us to learn here. We should take this opportunity to learn a little bit more about ransomware. Basically how it works is that once your computer is infected it will wait, usually a few days, so you don't know you have this. Then all of a sudden it will encrypt all of the data on your computer and you can't access it at all.

You can check out this Wikipedia page for all the details on this particular ransomware, 'WannaCry' and ransomware in general. Basically you have to pay some money to get a code that then decrypts all your files so you get them back. Of course there's the question of whether of not once you pay the money you'll actually get the code. Whether it will work. Whether you might not be subjected to attacks in the future. That kind of thing.

Fortunately, there are a few things you can do to protect yourself against this. As Mac users, who haven't been effected by this, but we should be prepared for perhaps an attack in the future. So how do you protect yourself?

It turns out it is really easy for anybody to avoid 'WannaCry'. All they needed to do was make sure that they had their computer updated because this vulnerability was known awhile ago and Microsoft offered an update. It was only people who did not apply this update that had the problem. So it's important you do system updates.

Now I know there are a lot of reasons why people don't do system updates. They see an update and they want to put it off. They're in the middle of something and they decide not to do it at the moment. Or maybe they're afraid that it might break something they're doing right now, maybe some software they're using. Maybe they don't like how things change every once in awhile with updates. Maybe something looks a little different or works a little different. But it is so important in today's world that you keep your system updated.

It's critical because just like with this ransomware attack, which is hurting lots of people around the world, there are threats out there and the defense against these threats is to have an updated system. In the past Apple has been very fast at updating Mac OS to make sure it protects against threats like these. But you have to apply the update. If you decide not to do them then you could end up being a victim like this.

So in addition to doing this kind of thing you want to make sure that you follow some basic rules. Like, for instance, don't download things you don't trust. You can download stuff from the Mac App Store but be very, very cautious downloading something from outside the Mac App Store. If you're not sure just don't do it. Now obviously there's some companies, like say Adobe and Microsoft, etc., that are big companies you know and you might have been using their software for years. So just make sure you're downloading directly from them, not from a site that might be masquerading as them.

Then, of course, keep your software up to date. Not just your operating system but all of your apps and everything like that because even apps themselves may have security fixes inside some of their updates. So you want to make sure you're running the most recent versions of those.

Then pay attention to the news because every once in awhile there maybe some important thing you need to know where you can update your computer quickly or avoid a problem and you want to keep yourself informed. So you want to do that.

Of course, I'd say the fourth thing is to keep a good backup. Having a time machine backup is a necessity for Mac users. You know, so far, ransomware attacks don't seem to effect time machine backups, that kind of thing. But it's possible technically that even time machine backups could be vulnerable to this. So you may even want to consider an online backup which would be a lot tougher to, you know, harm in terms of a ransomware attack.

So there's some advice for you. Nothing to worry about from 'WannaCry' for Mac users since it's Windows software. But you do want to make sure that you keep your OS and your apps up to date to prevent anything like this from happening in the future.

Comments: 23 Responses to “Protecting Your Mac Against Ransomware”

    Mac Carter
    5/18/17 @ 9:39 am

    Good video, Gary. It’s worth noting that at least one malware expert has mentioned that backup hard drives may be just as vulnerable as your computer hard drive IF the backup is connected. This “expert” recommend disconnecting your backup drive after each backup. That is something I find disturbing and hugely inconvenient… I run all of my backups automatically at 1am in wee hours.

    5/18/17 @ 9:54 am

    Mac: I agree with you. I think it is dangerous to tell people to disconnect their backups because they will forget to reconnect them and end up backing up far less than what they should. But Windows users are used to “occasional” backups whereas Mac users have been doing hourly backups for years now. So it is possible that his advice applies more to Windows users than us.
    What you can do is to have two backups (Time Machine allows you to do this easily) and saw them out daily or weekly. Or, do a second backup with another method (a clone). Or, do an online backup as well as a Time Machine one (this is what I do).

    John Erskine
    5/18/17 @ 9:55 am

    Re the backup mentioned; is it sufficient to have your data backed up in the iCloud? or should you use an external HD? I’m kind of new to MAC, but have an iPhone and an iPad, so shifted to a MAC to be consistent. Thanks!

    5/18/17 @ 9:58 am

    John: There is no method to do a true backup to iCloud. iCloud is a cloud data service, which is different than a backup. I would 100% advise you to at least have a Time Machine backup going.

    MissDori
    5/18/17 @ 10:00 am

    Apple support told me, if I get one of the screens telling me my Mac has been held for ransom, to simply turn the computer off by pressing the on/off switch. Don’t touch any keys, just turn it off. What are your thoughts on that, Gary?

    5/18/17 @ 10:09 am

    MissDori: Hard to tell what Apple support is responding to. It is true that sometimes fake ads or simple adware will tell you that you have ransomware, but in fact you don’t. It is a fake-out, just hoping you will panic and pay even though your data is fine. It is much easier for them to do this than to actually make ransonware, of course.

    Ken Kenton
    5/18/17 @ 12:46 pm

    Gary, what’s an “online backup”? All my files are in Dropbox. Does that qualify as an online backup?

    5/18/17 @ 12:49 pm

    Ken: An online backup will automatically (in the background) back up all of your files to a server. Examples are CrashPlan and BackBlaze. DropBox is a cloud service where your files are stored on a server and mirrored accessed on demand, usually with a cache so it is faster. If ransomware got a hold of your system, it would encrypt the files and then those encrypted files would be automatically synced with the cloud service, so it would not help in that situation. With a backup, you should be able to roll the clock back to before the problem.

    nick
    5/18/17 @ 1:57 pm

    Gary
    I updated the Mac OS as soon as it became available, however there were a number of bugs that caused significant issues. I posted this in the support community but no luck. I eventually used Time Machine to restore the previous version, which works great. So in absence of any kind of acknowledgement from Apple on this, I chose not to update, which I don’t like to do for the reasons you’ve described.

    5/18/17 @ 2:15 pm

    nick: What bugs did you come across that were so bad that you felt you needed to go back a whole version of macOS? Seems pretty extreme to me. Been using Sierra on all my machines with no problem since day one. (Don’t reply here with specifics, since it would be getting off-topic, but instead maybe ask in the MacMost Q&A Forum).

    UtahCornell
    5/18/17 @ 3:03 pm

    Regarding OS updates: I have a Macbook Pro (mid-2009). I have added memory 2 yrs ago, but if I update to Maverick or anything later, things become ridiculously slow & problematic. Hence I’m stuck at OS 10.8.5. This is a perfectly good machine, and I object to having to update to the latest OS which is not truly backward-compatible. Please keep in mind everyone doesn’t always buy the latest Bright Shiny Mac Object. I do keep regular TimeMachine backups & have an anti-virus. And I upgrade the apps

    Glenn
    5/19/17 @ 5:11 am

    Don’t think, Gary, that Mac was not hit by ransomware so far. The OS X version of Transmission, a BitTorrent program, fell victim to this.

    5/19/17 @ 7:33 am

    Glenn: That was a near miss. Hackers got into one version update of the app. Apple revoked the certificate and the developer updated again fast enough to prevent it. But that does show why we need to take precautions.

    Peterina
    5/19/17 @ 12:48 pm

    I’m new too. How do you get “time Machiy”for backups ou are talking about? Do you buy it through internet? Is it a hardware you buy from the computer store?

    Thanks for all your help!

    5/19/17 @ 1:18 pm

    Peterina: Time Machine is part of macOS and is already on your Mac. See http://macmost.com/backing-up-your-mac-with-time-machine.html

    Peterina
    5/19/17 @ 4:40 pm

    I know were asked to keep with the topic, but you deserve, hats off, lots of appreciation for your videos and teachings, and thousands of thanks!!!!!

    5/19/17 @ 4:45 pm

    Peterina; Thanks!

    Bert Mullemeister
    5/20/17 @ 3:27 am

    Hi Gary. I have not installed Sierra as my favourite game, Call of Duty, is apparently not compatible. I currently have El Capitan 10.11.6.
    If I choose to stay with this OS will I still get updates to avoid possible Malware attacks
    BTW Love you videos!!! Helpful as I teach oldies how to use Apple products (over 80 people ..one on one…5 a week)

    5/20/17 @ 8:26 am

    Bert: Sierra has been out since September 2016 (and in beta for months before that) and that game still doesn’t support it? Are you sure? I see several of those games in the Mac App Store an no mention of them not working in Sierra.
    Anyway, Apple still produced security updates for El Capitan. They did so just this week in fact. Eventually they will stop, of course, but for now you should be OK.

    SUSAN MCMILLEN
    5/21/17 @ 5:14 pm

    You said “With a backup (time capsule/timemachine, you should be able to roll the clock back to before the problem.” I have wireless backup to my time capsule, but if infected wouldn’t it lock me out of my back up as well?

    5/21/17 @ 5:42 pm

    Susan: Possibly. It all would depend on the capabilities of the ransomware. It could leave the Time Machine backup alone, or it could encrypt that too. It would not be easy for ransomware to do both, but as we are talking about theoretical ransomware, we can speculate either way. But that is why having an off-site backup or a second backup like I mention could help — it is all theoretical. I use my Mac for work, so I have a ton of stuff to protect. But a home user may only have a small folder of things and an occasional copy of the Documents folder to a USB stick could be all that is needed to turn a ransomware disaster into a shrug of the shoulders and a clean-and-reinstall situation.

    SUSAN MCMILLEN
    5/21/17 @ 6:32 pm

    Thanks, I do have all of my photos and critical docs on a hard drive not connected all of the time. I just have reminders on my calendar to back up. I intend to use my old time capsule as another full back up once I get my new Airport capsule up and running.

    Dbob5678
    5/28/17 @ 4:48 pm

    Hi UtahCornell, suggest you check out replacing your old hard drive with
    a SSD. You can check with crucial.com to see what they offer for your specific model. There are other providers too. Just have Best Buy or another tech firm install it for you, if needed.
    I had a SSD installed in my previous MBP, an early 2011, with outstanding results.
    Boot time was reduced from 2 + minutes to 20 seconds. All other functions speeded up too. It runs Sierra without problems.

Comments Closed.