Beware Delvelogic LLC Mac Ransomware Scam

If your Mac freezes with a message to contact Apple support and you end up talking to Delvelogic LLC, be careful – it is a ransomware scam.

 

Earlier in the week a colleague had a very scary experience. Her Mac laptop locked up and displayed an official message that the machine had been compromised. The message went on to explain that she needed to contact Apple support immediately, along with a phone number.

She followed the directions to the letter. Technicians connected to her machine and confirmed the existence of malware and spyware. They showed her diagnostics as proof of this, and explained specifically that foreign hackers were secretly observing her activity, logging keystrokes, stealing passwords, etc. They scared the hell out of her.

They then transferred her to an Apple support partner for resolution. The support partner, a company that identified itself as Delvelogic LLC, connected to her computer and removed all of the malware and spyware. My colleague was happy to have her computer back and gladly paid the $499.99 fee.

Unfortunately the whole thing was a scam. The people she paid to help were also responsible for locking her machine in the first place. The official-looking message was fake, as was the number that she called. These people took control of her machine, then tricked her into paying them to unlock it.

And, adding insult to injury, they used the unfettered access to her machine that she granted during the support session to install more spyware that really did let them steal passwords, etc.

At this point I should point out that the person affected is not unaware, gullible or naive. She is a mature, sophisticated, highly intelligent individual. These scams work because the people who run them are very good at what they do.

A short while later she started to have second thoughts. She looked up the actual Apple support line from the official Apple website and called in. The service was great and she was quickly escalated to a senior team that connected and removed all of the malware. They also gave her additional help and advice, encouraging her to change all passwords, etc. She is also pursuing a chargeback with Visa.

  • In this case the company identified themselves as Delvelogic LLC. There does appear to be a technology company called Delvelogic but there is no reason to assume any association between them and the scam. It is possible that the culprits just use the names of legitimate companies, harming their reputations to help carry out their scheme.
  • Install all official Apple updates as soon as possible as these frequently include security patches.
  • Use some kind of antivirus software. Sophos Antivirus for Mac and ClamXav are both excellent free antivirus tools.
  • If you intend to call Apple support, go straight to the Apple website and get the contact information there. It is very easy to fake an official-looking email, etc. with bogus information that will misdirect you.
  • If there is any talk about a charge, ask for a quote/estimate or other email. In this case the receipt, issued after the fact, used a random-looking Gmail account that appeared to have no connection to the company name being used (Delvelogic), which is a significant red flag.

This situation also illustrates why a strong password strategy is so important. Through keystroke logging for even a brief period, or through social engineering, it is very easy for an attacker to get one of your passwords.

It can be assumed that you bank online, have an account with Amazon, etc., and it is also extremely easy to test one password against multiple sites. If you use the same password in multiple places you are then in very deep trouble – the one password has now given them access to everything.