(E) There have been recently many new high profile cases of ransomware: the Colonial Pipeline, the D.C. Police Department, and Scripps Health. Cyber intelligence firm Intel 471 described the techniques used by the organization behind the Colonial Pipeline ransomware as well as the type of crypto-currency used for the transaction . In high profile cases, such as the one of the Colonial Pipeline, companies usually call FireEye for help.

Security expert Bruce Schneier has a long list of blog posts on that subject, and so does security investigator Brian Krebs on his security blog.

Coveware, a company helping other organizations victims of ransomware, publishes a quarterly report regarding the major trends.

While you might not be responsible for the digital assets of your organization, you should probably take very care of your personal data at home.

So can your Mac at home be attacked. Sure, it can. There are basically two types of security attacks: opportunistic (e.g. your system has been randomly attacked) or targeted (e.g. you have high value assets).

The good news is that a few security best practices will help you a lot. Here is my list:

1. Keep your Mac, and all its running applications updated to their latest releases
2. Only download apps from the App Store or a trusted Web site
3. Run daily one to two anti-virus/malware/adware/ransomware
4. Turn FileVault to encrypt your data, and choose Apple ID to unlock your Mac if you lost your password
5. Block connections to your Mac with the firewall turned on (select the right options for your use cases)
6. Encrypt your Time Machine back-up, and any removable disk. If you cannot encrypt a removable disk, back-up its content, use the disk utility, erase the disk, and format it – using APFS format and GUID Partition Map for Big Sur
7. Avoid to keep your back-up drive connected to your Mac
8. In system preferences – security & privacy – select which apps can use your location services, contact, calendars, reminders, photos, camera, microphone…
9. In particular, in system preferences – security & privacy – monitor and select which apps has full disk access, files and folders access, and automation/events. If you find a suspicious apps, remove it with your anti-virus. If that does not work, try to remove it the Apple’s command line tool tccutil – two articles on it
10. Monitor your system withe Mac Console: documentation here, and a good article on how to use it here

Stay safe!

Note: The picture above is a painting from one of my Italian friends.

Copyright © 2005-2021 by Serge-Paul Carrasco. All rights reserved.
Contact Us: asvinsider at gmail dot com