Stop online thieves from taking your Mac hostage.

This past Sunday about 6,500 Mac users received the ransom note. All their documents, photos, everything, held hostage. A message offered their data back for a fee (about $400). Ransomware - software that takes all your data hostage - is now a reality on a Mac.

Ransomware has been around since 1989, but up until now has only been a problem for Windows PCs. And it's a big problem. One of the most recent ransomware viruses extorted more than $18 million from users. 

Because I work with both PCs and Macs, I have been seeing PC ransomware cases regularly for years, ranging from attorneys with all their client data seized and held hostage (most ransomware travels inside of Microsoft Word documents), to moms and dads losing access to all their family photos and other documents. Sometimes they paid the ransom. Even then, they don't always get their data back.

Ransomware is now a problem for Mac users. There are steps you can take to protect yourself from the thugs that steal data.  On a Mac the steps are easy. Do it now.  If you're a Windows user, the same principles apply to you, even though the apps may be different and less easy to use in most cases. 

Step 1: Back up the right way.

It's easy on a Mac, and you can make it a nearly-automated process, with multiple backups you can go back to no matter what the situation. If the latest backup gets compromised, we can go back a week. Or two. This system worked well for me when my MacBook Pro was stolen.

Using Apple's built-in Time Machine

I use Time Machine to make continuous backups every hour. You can do this with a basic hard disk (link to the drives I use on Amazon) connected to your Mac with no additional software.  Or you could make it more convenient and defeat human behavior by putting in place a more automated system that doesn't require you to plug in. My Mac uses Time Machine wirelessly at home and at the office. I put the same in place for my employees and my family members. I use a Mac Mini with Apple's built-in Time Machine server service, which allows you to back up a team of people over a wifi connection.

Using Carbon Copy Cloner

I use Carbon Copy Cloner to make a perfect, bootable disk image of my Mac every night. There are a lot of ways to do this. The simplest is to pick your hard drive, then pick an external drive, and let Carbon Copy Cloner do all the work.

I prefer setting up Carbon Copy Cloner for a rotational backup system. I set the app up to ignore discrete volume identification: In English this means that I can write a schedule that tells Carbon Copy Cloner to back up my machine every night at the same time no matter which of three (or more) drives I have plugged in. This allows me to rotate them so that I can disconnect and stash the other drives elsewhere, not just disconnected from the Internet, but also off-site.

I keep a backup from home at the office, and one from the office at home. You can even use Carbon Copy Cloner over a wifi network.


Finally, I use Backblaze, a cloud-based backup software I'm growing really fond of. I was introduced to Backblaze by my bud David Sparks over at MacSparky. While Backblaze won't create a bootable backup, it's a cloud-based backup for Macs and PCs that treats Macs as first-class citizens, and even allows you to control your privacy settings. Like Apple, Backblaze allows you to keep your own encryption key, which means that even Backblaze can't get to your data if you lose the key. This is seriously cool if you care about your privacy.

I think David Sparks said it best over at MacSparky: If you get hit with ransomware, the only real solution is to nuke and pave your hard drive. Have your backup ready and you'll be calm and instantly in control no matter what happens.

Step 2: Don't accidentally disable Apple's built-in protection.

Apple has built-in software on modern Macs called XProtect that Apple actively updates to protect your Mac from known malware (ransomware is a type of malware).

While it's not a guarantee against ransomware and other threats, Apple is pretty responsive for a big company, especially when it comes to threats.  When the ransomware was recently discovered, they moved quickly to yank the ability for users to install the app that contained it.

To let Apple do its part, make sure "install system data files and security updates" is checked in the App Store preferences within System Preferences (located under the Apple Menu). Notice that I let Apple download all updates, and I let Apple install security updates automatically, but I don't allow Apple to update apps and OS updates automatically. There's a big reason for this. The ransomware that just hit thousands of users was evil code that someone slipped into a popular App that isn't available on the App Store, but is available on the Internet. I'm preparing for the day when someone figures out how to sneak code into an App and get it into the App Store. It hasn't happened yet to my knowledge, but I don't want to be the first to experience it.

You might call me paranoid, but to me it's like looking left and right before crossing a street.
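If you'd rather check the Step 2 settings from Terminal than click through System Preferences, here is an added example (not part of the original post, and not Apple's own tooling) that audits the output of `defaults read /Library/Preferences/com.apple.SoftwareUpdate`. The function names and the sample dumps are made up for illustration, and treating an unset key as "not a failure" is an assumption of this example.

```shell
#!/bin/sh
# Added example: audit the Software Update settings described in Step 2.
# Input is the text printed by:
#   defaults read /Library/Preferences/com.apple.SoftwareUpdate

# ConfigDataInstall and CriticalUpdateInstall sit behind the "Install system
# data files and security updates" checkbox; the other two let the Mac check
# for and download updates in the first place.
REQUIRED_KEYS="AutomaticCheckEnabled AutomaticDownload ConfigDataInstall CriticalUpdateInstall"

# pref_value KEY: print the value of KEY from a defaults dump on stdin.
pref_value() {
    awk -v key="$1" '$1 == key && $2 == "=" { sub(/;$/, "", $3); print $3; exit }'
}

# audit_update_prefs DUMP: print one line per key and return 1 if any key is
# explicitly switched off. Unset keys are reported but not failed (assumption:
# macOS falls back to its default for them).
audit_update_prefs() {
    dump=$1
    rc=0
    for key in $REQUIRED_KEYS; do
        value=$(printf '%s\n' "$dump" | pref_value "$key")
        case "$value" in
            1|true|YES) echo "ok     $key" ;;
            "")         echo "unset  $key" ;;
            *)          echo "OFF    $key"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample dumps (not captured from a real machine).
SAMPLE_GOOD='{
    AutomaticCheckEnabled = 1;
    AutomaticDownload = 1;
    ConfigDataInstall = 1;
    CriticalUpdateInstall = 1;
}'
SAMPLE_WEAK='{
    AutomaticCheckEnabled = 1;
    AutomaticDownload = 1;
    ConfigDataInstall = 0;
    CriticalUpdateInstall = 0;
}'

echo "== good =="; audit_update_prefs "$SAMPLE_GOOD" || true
echo "== weak =="; audit_update_prefs "$SAMPLE_WEAK" || true
```

On a Mac, run it against the live settings with `audit_update_prefs "$(defaults read /Library/Preferences/com.apple.SoftwareUpdate)"`.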

Step 3: Get additional protection.

Most Mac users don't have any idea how bad it is out there for Windows users. Did you know the average Mac user transmits at least one virus, malware or other threat per week? I get at least one Windows virus per day.

One of the first things I do for businesses and individuals I serve is teach them about cloud-based anti-threat protection. I use Sophos to actively screen my Mac including at the network level. 

This means I get alerted to threats as they're coming in, and even if they are idle. This includes PC viruses that won't affect me, but could affect someone if I unknowingly forward a document that contains a nasty.

There are other antivirus suites out there, and I've used almost all of them.  The problem with most antivirus software is that it bogs your computer down.  This doesn't happen with Sophos. Sophos has been around for over three decades, and was even on a lot of the original Mac OS X machines under the hood.

Sophos isn't cheap, but in my opinion it's the best.  I use Cloud Endpoint, which costs up to $250 per user per year. And because it's an organization-based product typically reserved for Enterprise, the version I use required a few hours of setup.

Step 4: Use your Mac and the Internet with care.

The app that contained the ransomware, Transmission, is a BitTorrent client, which means it's designed for downloading files over the Internet, both legitimate and illegitimate. It's not available on the App Store, and probably never will be. While I'm all for an open Internet and open platform where people can design and sell software independent of Apple, there's something to be said for the App Store where Apple takes great care to inspect and vet the apps before making them available.

I'm seeing more malware cases on the Mac. This month we've had over 10 cases at TechRoom. In all 10 cases the customer shared with me that the ad they clicked on or the app they downloaded felt wrong. Besides taking the steps above to back up, keep your Mac security up to date, and enable hardcore anti-threat protection, trust your instincts and stay away from things that feel suspicious. You'd be surprised how good your own instincts are, even if you're not a techie type.

Action Items

The most important thing: Take action now.

  1. Make sure you haven't disabled security updates on your Mac.
  2. Go buy a hard drive (or three) and set up Time Machine now.
  3. Download and buy Carbon Copy Cloner.
  4. Download Sophos (link to free version). If you need the hardcore version for your home or business you're welcome to reach out to my team at TechRoom.
  5. Be careful out there. If you're a business owner, make sure your IT person is actually managing things to prevent non-work-related apps from getting on your computers.

Have a question? Let me know. I'm @jamescoleman on Twitter.