Ransom Ain't Goin' Nowhere: Shutting down macOS ransomware with native Apple protections

by Calum Hall | - 12:15pm

Ransomware on macOS is a forever-simmering volcano of bad things to come. We’ve seen waves of activity before and recent threat intelligence keeps us on our toes.

But what if we could detect and kill ransomware in its tracks? That would be awesome, but let’s take that a step further: what if we could use Apple’s own tooling to nullify any impact up until the point of detection? This release of Phorion’s latest research demonstrates the unquestionable benefits of building on top of Apple’s existing tooling.

About Calum Hall

Calum is a former offensive operator turned founder of the macOS-focused EDR platform, Phorion. He has spent years presenting offensive research into the Apple ecosystem at conferences such as BlackHat and Objective by the Sea. Since stepping back from the Dark Side, Calum has focused on supporting Blue Teams - both as GitHub’s detection engineering lead and through the development of cutting-edge macOS defensive tooling.
