Connect with us

Hi, what are you looking for?

Tech & Science

Mac users targeted in first known ransomware attack

The program was discovered by Palo Alto Networks. Called KeRanger, it lies dormant for three days after being installed before waking up, encrypting the majority of the Mac’s directories and demanding 1 bitcoin (around $410) from the user to reverse the process.
The malware encrypts all the files under the “/Users” and “/Volumes” directories on a Mac’s hard drive. It targets 300 different file extensions, ranging from emails and popular document, image and video formats to compressed archives, source code, database files and security certificates.
KeRanger was found being distributed by the installer for popular free torrent client Transmission. It remains unclear how the malware infected the original installer, a major lapse in security for the open-source project. The most likely explanation is its website was hijacked and the download link replaced with a re-compiled version of the program.
In a post on its website, the team behind Transmission advised “everyone” using version 2.90 of the program to immediately upgrade to version 2.92. The new version will automatically eradicate the malware and cleanse the system. Users of version 2.91 should also upgrade — although it wasn’t infected with KeRanger, it doesn’t automatically destroy the malware if present, potentially leaving it dormant on the computer.
KeRanger is believed to be the first ransomware developed with Mac OS X in mind. Over the past few years, the popularity of the new form of malware has soared on Windows, helped by high-profile programs such as Cryptolocker. Mac has remained unnoticed though, in part because the cybercriminals haven’t needed to seek revenue from the smaller platform because of the success they’ve found on Windows.
“The fact that it [ransomware] hasn’t made it to Mac shows that it’s had a great amount of success on the Windows side,” said Palo Alto Networks researcher Ryan Olson to Ars Technica. “But the fact that [the KeRanger malware] was distributed through a legit application demonstrates that we will see this again.”
Ransomware is one of the fastest growing malware forms and is slowly spreading across platforms. Recently, hackers managed to profit $17,000 from a Los Angeles hospital that was forced to pay up after all its computers became infected with ransomware.
Palo Alto reported KeRanger to Apple and the Transmission contributors on March 4. Both parties responded quickly and the infected Transmission installer was removed from the website. Apple has since blocked an antivirus signature used by Transmission v2.90, preventing OS X from opening the infected installer. Anyone using the affected program version should upgrade to version 2.92 immediately.

Written By

You may also like:

Tech & Science

One of the nearer-to-home challenges for a mission to Mars with a human crew is radiation.

Social Media

The spike in interest in Bluesky arrived after Donald Trump’s re-election to the White House at the start of November.

Business

US Treasury Secretary Janet Yellen warned that President-elect Donald Trump's sweeping tariff proposals could raise prices for consumers and pressure firms - Copyright AFP/File...

Business

Eighty-five percent of executives expressed concern about losing competitive ground without rapid AI adoption.