LockBit ransomware is evolving: Apple and ARM devices in the crosshairs
Security researchers have uncovered what appears to be an iteration in LockBit ransomware capabilities, suggesting the group is looking at targeting a range of hardware architectures in the near future.
Kaspersky’s Securelist revealed that they recently “stumbled” upon a collection of .ZIP files containing samples of the ransomware coded for a wide range of non-typical hardware architectures. Apple M1, ARM v6, ARM v7, and FreeBSD all have new, dedicated versions, among others.
Upon analysing the code of each sample, the researchers found a significant overlap with a previous Linux-based version of the ransomware. However, the macOS sample was unsigned, meaning it could be run, and the encryption method was effectively missing. The code is very likely in a testing phase at the moment.
“Nevertheless, our findings suggest that LockBit will target more platforms in the wild in the (near) future,” Kaspersky’s researchers said in a blog post.
The news comes as Apple has announced its own passkey system for both macOS and iOS.
The introduction of passkeys to iOS 17, iPadOS 17, and macOS Sonoma will allow users to log on without using a password, instead relying on touch or facial ID alongside the user’s Apple ID.
“A passkey is a cryptographic entity that’s not visible to you, and it’s used in place of a password,” Apple said on a support page. “A passkey consists of a key pair, which — compared to a password — profoundly improves security. One key is public, registered with the website or app you’re using. The other key is private, held only by your devices.”
“Through the use of powerful, industry-standard cryptography techniques, this key pair helps ensure a strong, private relationship between your devices and the website or app.”
You can learn more about Apple’s new passkeys here.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.