"New Turtle macOS Ransomware Analyzed"

Patrick Wardle, a cybersecurity researcher specializing in Apple products, has analyzed a new macOS ransomware named Turtle. Wardle noted that Turtle is currently not sophisticated, but its existence indicates that cybercriminals continue to show an interest in targeting macOS users. Versions of the Turtle ransomware have also been created for Windows and Linux systems. Wardle stated that the malware was developed in Go and that, based on strings found in the binary, "Turtle" appears to be the name given by its author. The ransomware is designed to encrypt files on compromised systems, but it does not pose a major threat to macOS users at this stage. First, the malicious file is signed with an ad-hoc signature and is not notarized by Apple, which means Gatekeeper will block it unless it is deployed through an exploit or specifically allowed to run by the victim. In addition, while the ransomware can encrypt files, the encryption key can be recovered, and decrypting files is not difficult.

 

SecurityWeek reports: "New Turtle macOS Ransomware Analyzed"

Submitted by Adam Ekwall on