LockBit, a powerful ransomware gang that has primarily focused on targeting Windows, Linux, and virtual host machines, has recently emerged with what appears to be its first-ever ransomware build designed for macOS. The discovery was made by MalwareHunterTeam and confirmed by cybersecurity expert Brett Callow, who noted that it could be the first time a major ransomware group is targeting Apple devices.

The new ransomware, which was apparently created for Apple Silicon Macs and has the build name “locker_Apple_M1_64,” is believed to have been developed by LockBit. This Russian-based group has grown in power in recent years due to its ransomware-as-a-service (RaaS) operation, which allows other criminals to use its ransomware for a fee.

Although there has been no mention of the new LockBit ransomware for Macs online, it could still have been circulating under the radar since November 2022, according to the infosec Twitter account vx-underground. MalwareHunterTeam believes that this is the first public alert about LockBit going after Apple devices, which could potentially lead to an increase in ransomware attacks targeting Macs.

It’s worth noting that while the M1 ransomware build may have attracted the most attention, there is also a LockBit ransomware build showing up for PowerPC Macs. This suggests that the group may be targeting a broader range of Macs than just those with the latest Apple Silicon.

One reason for LockBit’s success as a ransomware group is the leader’s business savvy, according to cybersecurity expert Jon DiMaggio. In an interview with Wired, DiMaggio stated that the group’s leader runs the operation like a business, making it attractive to criminals due to its point-and-click ransomware that anyone can use, regular software updates, and emphasis on user experience.