Described by VXUnderground as a milestone—the first instance of a major ransomware group targeting Apple products—LockBit appears to be an Apple port of its Linux counterpart, first surfacing in early 2022. Initial samples displayed ad hoc signing, triggering an invalid signature pop-up upon execution. As of the latest information, LockBit does not yet exfiltrate data and is believed to be under active development, suggesting additional functionalities could be forthcoming. When successfully executed, the ransomware encrypts files using open-source TLS libraries and leaves a ransom note in a file labeled "!!!-Restore-My-Files-!!!".