First Ransomware For Mac

by zanforsltenfol1978 2020. 2. 19. 12:58

Ransomware, which is malicious software used to extort money, represents a growing threat to users. The software can encrypt files until a ‘ransom’ is paid in a difficult-to-trace digital currency, such as bitcoins.

In early March of this year, the first fully functional ransomware attack coded for the Mac platform was launched. The malware had infected an official update for Transmission, the BitTorrent client application used by millions to illegally download content on P2P networks. At the beginning of March, the first ransomware attack for Macs appeared. It’s called 'KeRanger' (pronounced 'Key-Ranger'). Security firm Palo Alto Networks discovered it within a tampered version of Transmission, a legitimate Mac BitTorrent client. Over the weekend, hackers targeted Apple customers with the very first campaign against Mac computers using the KeRanger ransomware threat.

Dubbed “KeRanger,” the Mac ransomware was identified by Palo Alto Networks researchers Claud Xiao and Jin Chen earlier this month. “The only previous ransomware for OS X we are aware of is FileCoder, discovered by Kaspersky Lab in 2014,” Palo Alto Networks wrote. “As FileCoder was incomplete at the time of its discovery, we believe KeRanger is the first fully functional ransomware seen on the OS X platform.” The ransomware attacked OS X via an open source program called Transmission that is used to transfer data via the BitTorrent file sharing network. “Attackers infected two installers of Transmission version 2.90 with KeRanger on the morning of March 4,” Palo Alto Networks wrote. The ransomware waits for three days before connecting to command-and-control servers over the clandestine Tor network.

Can Macs Get Ransomware

After encrypting users’ data, KeRanger demands that victims pay one bitcoin, worth about $400, to a specific address to retrieve their files, according to Palo Alto Networks. The company reported the ransomware issue to the Transmission Project and Apple the day it was discovered.

Apple confirmed it has revoked a Mac app development certificate that let KeRanger bypass the tech company’s OS X Gatekeeper protection software. The tech giant also updated its XProtect antivirus software, which means that no one can install the affected app. Palo Alto Networks reports that the Transmission Project has removed the malicious BitTorrent client installers from its website. The Transmission Project has also urged users to upgrade from Transmission version 2.90. “Everyone running 2.90 on OS should immediately upgrade to and run 2.92, as they may have downloaded a malware-infected file,” it said, in a statement on its website, adding that the new version will remove KeRanger.

Tod Beardsley, security research manager at cybersecurity specialist Rapid7, told Fox News that the Mac ransomware underlines the threat posed by malicious software.

“The Trojaned BitTorrent client, Transmission, illustrates the chain of trust that end users of all stripes enter into and how it can break down,” he explained. “This incident appears particularly sophisticated, since it involves a compromise of a software developer’s distribution site and an unrelated and likely stolen signing key.” However, Beardsley believes that the risk to Transmission users is likely small. “The fact that the compromise was discovered and mitigated in under a day means that the end users of Transmission are at fairly low risk; victims would have had to have downloaded the malicious disk image (DMG) installer and executed it in a relatively short window,” he said. The scale of the ransomware threat was highlighted recently when a Los Angeles hospital paid nearly $17,000 in bitcoins to hackers who disabled its computer network.