Hackers targeted Apple’s Macs over the weekend using a pernicious type of software known as ransomware. Ransomware is one of the fastest-growing cyber threats: it encrypts data on the infected machine and then asks users to pay a ransom in hard-to-trace currency to get an electronic key that will retrieve their data. Security experts estimate that ransoms from this type of cyber crime total hundreds of millions a year. When ransomware is incorporated into an app, it connects to a remote server via the Tor anonymizing service and begins encrypting individual files.
Palo Alto Threat Intelligence was the first to discover the software and named it KeRanger. It is the first fully functional ransomware to be found on the OS X platform. The only previous ransomware for OS X was FileCoder, which Kaspersky Lab discovered in 2014, though it was incomplete.
KeRanger infected Macs through Transmission, a popular program used to transfer data over BitTorrent. On Friday, version 2.90 of Transmission was released, and it contained the malware. It was noted that the malware might have found its way into the app as it was being updated. Palo Alto noted that the KeRanger-infected version of Transmission carried a legitimate Apple developer certificate. The malware had been programmed to stay quiet for three days after infecting a computer. It then connects to the attacker’s server and starts encrypting files, making them inaccessible. Once encryption is complete, it demands a ransom of one bitcoin, approximately $400. Olson, who is the intelligence director at Palo Alto Threat, said that users whose devices were affected could start losing data on Monday, since three days would have passed since the virus was loaded onto the Transmission site.
Palo Alto informed both the Transmission project and Apple of the malware. Transmission removed the infected version of the software from its website, and on Sunday it released a version that it claimed can automatically eliminate the ransomware from infected Macs. The project also advised Transmission users to install the new version, 2.92, if they suspect their devices might be infected. Apple noted that it had revoked the abused certificate and updated its XProtect antivirus signatures. Palo Alto Networks also updated its URL filtering and threat prevention with the primary aim of stopping KeRanger.
Ransomware has caused major problems in the past. A Los Angeles hospital said that it paid a $17,000 ransom, stating that it was the quickest way to get its systems working. Ransomware is not common on Macs, though of late some researchers have created proofs of concept. In November, Brazilian security researcher Rafael Salema Marques uploaded a video showing how he coded ransomware for Macs.