Re: Attack of the nonexistent Mac ransomware
Though if they have enabled Time Machine they can restore to a point before their files were encrypted, and lose at most a day's work
That's not how ransomware works. A ransomware infection will quietly encrypt any backups it can find for a while before it starts encrypting the main machine, so you could be losing even months when it activates, and you will only discover that if you have to access a backup for some reason; otherwise it's a slow poison.
This means that undetected ransomware can have quite an impact once it has managed to make it onto your machine, and I see it as entirely feasible that ransomware people will try to infect software developers first in an attempt to 'christen' their malware with a valid signature, introducing the code as a trojan.
The only way to proactively pick up ransomware is by regularly testing your backups (I use both Time Machine and Carbon Copy, separately) and by having tools installed that pick up ransomware behaviour such as the Ransomwhere software by Patrick Wardle's Objective-See non-profit. That said, exercising proper IT hygiene such as only installing software from known locations and with valid signatures will go a long way towards keeping the nasties away from macOS, ditto for iOS where sideloading is presently near impossible (the attack vector there is more via the few zero-day vulnerabilities it has had and trojaned apps).
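One way to automate the backup testing mentioned in the post above, as an added example that is not part of the original post: restore a sample of files into a directory and flag any whose header no longer matches its extension or whose text content has become near-random. The signature table, the entropy threshold and all function names are assumptions made for this sketch.

```python
import math
import tempfile
from collections import Counter
from hashlib import sha256
from pathlib import Path

# Assumed signatures for a few common formats; extend for your own data.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff", ".zip": b"PK\x03\x04"}
TEXT_EXTS = {".txt", ".csv", ".md"}
ENTROPY_LIMIT = 7.5  # bits per byte; assumed threshold, plain text sits far below it

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; close to 8.0 for encrypted or random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def check_file(path: Path):
    """Return a reason string if the restored file looks encrypted, else None."""
    with path.open("rb") as f:
        head = f.read(65536)  # the first 64 KiB is enough for both checks
    ext = path.suffix.lower()
    if ext in MAGIC and not head.startswith(MAGIC[ext]):
        return "header does not match extension"
    if ext in TEXT_EXTS and shannon_entropy(head) > ENTROPY_LIMIT:
        return "text file with near-random content"
    return None

def scan_restore(root: Path):
    """Check every file under a restored backup sample; return findings sorted by path."""
    hits = ((p, check_file(p)) for p in sorted(root.rglob("*")) if p.is_file())
    return [(p.relative_to(root).as_posix(), why) for p, why in hits if why]

def demo():
    """Constructed sample: two intact files and two overwritten with pseudo-random bytes."""
    noise = b"".join(sha256(i.to_bytes(4, "big")).digest() for i in range(128))
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "invoice.pdf").write_bytes(b"%PDF-1.7\n" + b"constructed body\n" * 50)
        (root / "notes.txt").write_text("meeting notes, constructed sample\n" * 50)
        (root / "report.pdf").write_bytes(noise)
        (root / "todo.txt").write_bytes(noise)
        return scan_restore(root)

if __name__ == "__main__":
    for name, reason in demo():
        print(f"{name}: {reason}")
```

Run it against restores taken from several backup ages, not only the newest, so that a point where files stopped being readable shows up as a date.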