A new macOS-targeting ransomware, dubbed NotLockBit, has emerged, impersonating the infamous LockBit ransomware. Written in Go and capable of encrypting files on both Windows and macOS, it uses double extortion tactics, steals victim data, and deletes shadow copies. Distributed as an x86_64 binary, it operates on Intel and Apple silicon devices using Rosetta emulation. NotLockBit uses RSA encryption, appends the ".abcd" extension to files, and drops ransom notes, while also exfiltrating data to an Amazon S3 bucket using hardcoded AWS credentials. Although still under development, cybersecurity firms expect more activity from this malware soon.