Apple Mac users have, for the very first time, been hit by ransomware, a very dangerous type of malware. The newly discovered malicious software, “KeRanger”, encrypts data on the machines it gains access to (running OS X) and then forces their owners to pay to regain access to the affected device. The malware appeared on Friday 4th March and is programmed to encrypt files on an infected personal computer three days after the original infection.
After encrypting a machine, KeRanger forces users to pay a certain amount in order to get access to their files (a Bitcoin payment of approximately $400). The hackers require users to make payments in hard-to-trace digital currencies, after which they get an electronic key that can be used to retrieve their data. Users who fail to pay the required charge might start losing access to the files on their computer.
Ryan Olson, threat intelligence director at Palo Alto Networks, said the “KeRanger” malware was the first functioning ransomware attacking Apple’s Mac computers. “This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom,” Olson said in a phone interview with Reuters.
The software made its way onto Apple computers through the Transmission BitTorrent client. According to Olson, Transmission is one of the most popular Mac applications used to download software, torrents, videos, music and other data through the BitTorrent peer-to-peer information sharing network. The attackers infected two installers of Transmission version 2.90 with KeRanger. The KeRanger application was signed with a valid Mac app development certificate issued by Apple, which allowed the code to bypass Apple’s Gatekeeper protection.
Transmission carried a warning on Sunday saying that version 2.90 of its Mac software had been infected with malware and advised users to either upgrade to version 2.91 immediately or delete the malicious version. It also provided technical information on how users could check to see if they were affected. Meanwhile, some users on Reddit recommend running anti-virus/anti-malware software such as Avira or Sophos to remove the malware.
Apple told Reuters that it had taken steps to stop the software from working. According to the company, it had revoked a digital certificate that allowed the software to install itself on computers.
Although this type of ransomware is already popular on the Windows OS platform, generating lots of funds for cyber-criminals and black-hat hackers, KeRanger is the first functioning ransomware attacking Macintosh computers (which are often resilient to cyber threats). For a technical breakdown of how the KeRanger attack works, visit the Palo Alto Networks website.
Apple Inc. is an American multinational technology company headquartered in Cupertino, California, that designs, develops, and sells consumer electronics, computer software, and online services. Its product, the MacBook, is a brand of notebook computers manufactured from early 2006 to late 2011, and relaunched in 2015. Mac OS X is a series of Unix-based graphical interface operating systems (OS) developed and marketed by Apple Inc. It is designed to run on Macintosh computers, having been pre-installed on all Macs since 2002. OS X is the fourth most popular general-purpose OS; within the market of desktop, laptop and home computers, and by web usage, OS X is the second most widely used desktop OS after Windows.