Patrick Wardle, a renowned cybersecurity expert focusing on Apple platforms, has examined a newly discovered macOS ransomware called Turtle. His analysis indicates that while the ransomware is not currently highly advanced, its presence underscores cybercriminals’ interest in targeting macOS users; versions have also been seen for Windows and Linux. Several security vendors on VirusTotal detect it, which is unusual for macOS threats, and Turtle seems less threatening for now. The malware’s file does encrypt data, but it is not notarized by Apple and is blocked by Gatekeeper unless the user specifically allows it. Additionally, decryption appears feasible because the encryption keys are recoverable. Wardle hasn’t attributed Turtle to a specific threat actor, but the presence of Chinese strings in the code suggests a potential origin. Wardle highlighted the significance of addressing ransomware targeting macOS and urged discussions on prevention methods.

