How to Remove the Ransomware “KeRanger” From your Mac


We previously discussed KeRanger, the very first ransomware to hit Apple Mac users running OS X. This ransomware encrypts data on the OS X machines it gains access to, and then forces their owners to pay approximately $4.00 per computer to regain access to their files. The hackers require payment in Bitcoin, which makes it difficult to trace. According to the Transmission website:

Everyone running 2.90 on OS X should immediately upgrade to 2.91 or delete their copy of 2.90, as they may have downloaded a malware-infected file.

Users who have directly downloaded Transmission installer on or before March 5 2016 are advised to perform the following security checks:

  • Using either Terminal or Finder, check whether /Applications/ General.rtf or /Volumes/Transmission/ General.rtf exist. If any of these exist, since the Transmission application (2.90) is infected, deleting the infected version is recommended.
  • Using “Activity Monitor” preinstalled in OS X, check whether any process named “kernel_service” is running. If so, double check the process, choose the “Open Files and Ports” and check whether there is a file name like “/Users//Library/kernel_service” (Figure 12). If so, the process is KeRanger’s main process. We suggest terminating it with “Quit -> Force Quit”.
  • After these steps, we also recommend users check whether the files “.kernel_pid”, “.kernel_time”, “.kernel_complete” or “kernel_service” exist in the ~/Library directory. If so, you should delete them.
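
The three checks above can be run from Terminal in one pass. The script below is an added example, not code from the Transmission advisory or the original post; the function names are hypothetical, and because the advisory's General.rtf locations appear here only as /Applications and /Volumes/Transmission, it searches both trees for that file name (with or without a leading space) rather than testing one exact path.

```shell
#!/bin/sh
# Added example: read-only check for the KeRanger indicators listed above.
# It only reports; it deletes no files and kills no processes.

# Print any of the four named artifacts present in a Library directory ($1).
check_library() {
    for name in .kernel_pid .kernel_time .kernel_complete kernel_service; do
        [ -e "$1/$name" ] && printf '%s\n' "$1/$name"
    done
    return 0
}

# Print files named General.rtf found under the given roots. Assumption: the
# whole tree is searched, so a hit inside an unrelated application bundle is
# possible and each result needs manual review.
check_general_rtf() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        find "$root" -type f \( -name 'General.rtf' -o -name ' General.rtf' \) \
            2>/dev/null || true
    done
}

# Print the PID and executable of any process named exactly kernel_service.
check_process() {
    for pid in $(pgrep -x kernel_service 2>/dev/null); do
        printf '%s %s\n' "$pid" "$(ps -p "$pid" -o comm= 2>/dev/null)"
    done
}

# Run all three checks: $1 is a Library directory, the rest are search roots.
# Returns 0 when nothing is found and 1 when at least one indicator is present.
keranger_scan() {
    lib=$1; shift
    hits=$(check_library "$lib"; check_general_rtf "$@"; check_process)
    [ -z "$hits" ] && return 0
    printf 'Possible KeRanger indicators, review each:\n%s\n' "$hits"
    return 1
}

if keranger_scan "$HOME/Library" /Applications /Volumes/Transmission; then
    echo "No KeRanger indicators found."
fi
```

Run it once for each user account on the Mac, since the ~/Library artifacts are per user.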

Some anti-malware tools, such as Malwarebytes for Mac, have been updated to scan for KeRanger as well. Mac users running Avira anti-malware should also run a scan on their system. Sophos antivirus is also a good anti-malware option.

You could also try out BlockBlock. Although it is currently still a beta product, this anti-malware tool has got your back!

Malware installs itself persistently, to ensure it’s automatically re-executed at reboot. BlockBlock continually monitors common persistence locations and displays an alert whenever a persistent component is added to the OS.

As of now, this malware affects only version 2.90; users running the older 2.84 are not affected.

Mac OS X is a series of Unix-based graphical interface operating systems (OS) developed and marketed by Apple Inc. It is designed to run on Macintosh computers, having been pre-installed on all Macs since 2002. OS X is the fourth most popular general purpose OS; within the market of desktop, laptop and home computers, and by web usage, OS X is the second most widely used desktop OS after Windows.

Bitcoin is a digital asset and a payment system invented by Satoshi Nakamoto; the invention was released as open-source software in 2009. The system allows users to transact directly without an intermediary (peer-to-peer). Transactions are verified by network nodes and recorded in a public distributed ledger called the block chain. The ledger uses bitcoin as its unit of account. The system works without a central repository or single administrator, which has led the U.S. Treasury to categorize bitcoin as a decentralized virtual currency. Bitcoin is often called the first cryptocurrency. The use of bitcoin by criminals has attracted the attention of financial regulators, legislative bodies, law enforcement and media. It is the largest of its kind in terms of total market value.
