From 2006 to 2009, Apple ran its ‘Get a Mac’ ad campaign – a lighthearted series of comparisons between Macs and PCs.
In one iteration of the campaign, a sniffling John Hodgman (the PC) tells Justin Long (the Mac) to stand back, because he has “that virus that’s coming around”.
“Don’t be a hero, last year there were 114,000 known viruses for PCs,” Hodgman continues, warning the human Mac computer not to get too close.
“PCs… not Macs,” Long smugly quips back.
Aside from epitomising the mid-2000s, the now decade-old ad also illustrates a longstanding misconception in the technology world – that Macs are impenetrable when it comes to vulnerabilities.
And while PC systems still attract the vast majority of cyber attacks, Apple operating systems around the world are now facing an unprecedented surge in malicious attacks.
Datto’s third annual State of the Channel Ransomware report has identified a sharp spike in ransomware attacks on macOS and iOS systems.
The number of managed service providers (MSPs) reporting ransomware attacks on Apple operating systems in the first six months of 2018 was up nearly 500% from last year.
Vice President of Business Development at Datto, Rob Rae, explained that most Mac users are not expecting to fall victim to an attack.
“We hear it in the IT industry all the time, ‘buy Macs because they’re safer’,” he said. “When in actuality, if someone wants to break into it, they’re going to break into it.
“The thieves are now turning around and starting to put their resources and ideas towards iOS, more so because if somebody comes out and says ‘we’re less vulnerable’, that’s just opening yourself up for an attack.”
Rae also explained that Mac users represent a specific demographic in the business world, which hackers can target.
“When you think of Mac users and you look at malware, Mac users tend to be people or organisations that will invest more in technology,” he said.
“Because a Mac is so much more expensive than a Windows device, the firms that use them tend to have more money.
“So, if there’s anyone you want to circle and attack it would probably be a Mac user.”
“’A’ because their defences are down and ‘B’, because they tend to have more trust and more spend in IT.”
Of the 2,400 MSPs, customers and Datto partners surveyed for the report, 9% had seen macOS systems infected by ransomware, while 5% had seen iOS systems compromised.
Despite the surge in incidents involving Apple systems, Windows was still far and away the most targeted when it comes to ransomware attacks, with 99% of those surveyed revealing they had witnessed infected Windows systems.
Attacking from the cloud
Datto’s report also highlights the shift of malware into the cloud.
28% of the MSPs had seen ransomware attacks on Software as a Service (SaaS) application, with around half (49%) of these witnessed attacks on Office 365.
“As we see things transition from hardcore servers, like Exchange servers, and things move into the cloud, the way in which they're doing the attacking needs to get equally creative,” Rae said.
“So, we're starting to see incidents of what's called ‘ransom cloud’, where you can literally lock down an Office 365 account or a Gmail account with ransomware.
“They can encrypt the entire email account and the archive and literally demand $500 in exchange for giving you back access to your emails.”
Cost of downtime
The report also reveals that for many companies, the most crippling aspect of a ransomware attack is the aftermath.
On average, the ransom asked for in a ransomware attack was $US4,300. The average cost of the associated downtime was more than 10x greater – $US46,800.
In March this year, the city of Atlanta in the United States was hit with a ransomware attack in which city employees were not able to access government issued devices for five days as hackers demanded a $US51,000 ransom.
With government systems such as ticketing software down as a result, it has been estimated that the total cost of the incident eclipsed $US17 million.