Techmeme: First Known Ransomware For Mac



Apple users have been targeted in a confirmed ransomware attack.

(Reuters) - The first known ransomware attack on Apple Inc's AAPL.O Mac computers, which was discovered over the weekend, was downloaded more than 6,000 times before the threat was.

First known Mac ransomware reaches the wild. KeRanger will force you to pay digital cash to use your computer. Jon Fingas, @jonfingas. March 6, 2016.

Apple Inc customers were targeted by hackers over the weekend in the first campaign against Macintosh computers using a pernicious type of software known as ransomware, researchers with Palo Alto.

Mac encrypting ransomware has been discovered packaged with a popular BitTorrent client, marking the first time any form of ransomware targeting Apple's OS X has appeared in the wild.

The act of replacing or modifying a legit file with a malicious one, and then running legit code to make it look like nothing's wrong, is not new on macOS. In fact, the first real Mac ransomware, KeRanger, was spread through a modified copy of the Transmission torrent app.

Apple customers were targeted by hackers over the weekend in the first campaign against Macintosh computers using a pernicious type of software known as ransomware, researchers with Palo Alto Networks Inc told Reuters on Sunday.

Ransomware, one of the fastest-growing types of cyber threats, encrypts data on infected machines, then typically asks users to pay ransoms in hard-to-trace digital currencies to get an electronic key so they can retrieve their data.

Security experts estimate that ransoms total hundreds of millions of dollars a year from such cyber criminals, who typically target users of Microsoft Corp’s Windows operating system.

Palo Alto Threat Intelligence Director Ryan Olson said the “KeRanger” malware, which appeared on Friday, was the first functioning ransomware attacking Apple’s Mac computers.

“This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom,” Olson said in a telephone interview.

Hackers infected Macs through a tainted copy of a popular program known as Transmission, which is used to transfer data through the BitTorrent peer-to-peer file sharing network, Palo Alto said in a blog post published on Sunday afternoon.

When users downloaded version 2.90 of Transmission, which was released on Friday, their Macs were infected with the ransomware, the blog said.

An Apple representative said the company had taken steps over the weekend to prevent further infections by revoking a digital certificate that enabled the rogue software to install on Macs. The representative declined to provide other details.

Transmission responded by removing the malicious version of its software from its website, http://www.transmissionbt.com. On Sunday it released a version that its website said automatically removes the ransomware from infected Macs.

The website advised Transmission users to immediately install the new update, version 2.92, if they suspected they might be infected.

Palo Alto said on its blog that KeRanger is programmed to stay quiet for three days after infecting a computer, then connect to the attacker’s server and start encrypting files so they cannot be accessed.

After encryption is completed, KeRanger demands a ransom of 1 bitcoin, or about $400, the blog said.

Olson, the Palo Alto threat intelligence director, said that the victims whose machines were compromised but not cleaned up could start losing access to data on Monday, which is three days after the virus was loaded onto Transmission’s site.

Representatives with Transmission could not be reached for comment.

Apple customers were targeted by hackers over the weekend in the first campaign against Mac computers using ransomware, researchers with Palo Alto Networks have revealed.

Ransomware encrypts data on infected machines, then typically asks users to pay ransoms in hard-to-trace digital currencies to get an electronic key so they can retrieve their data.

Security experts estimate that ransoms total hundreds of millions of dollars a year from such cyber criminals, who typically target users of Microsoft's Windows operating system.

Palo Alto threat intelligence director Ryan Olson said the 'KeRanger' malware, which appeared on Friday, was the first functioning ransomware attacking Apple's Mac computers.

'This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom,' Olson said.

An Apple representative said the company had taken steps over the weekend to prevent attacks by revoking a digital certificate from a legitimate Apple developer that enabled the rogue software to install on Macs.

The malware is programmed to encrypt files on an infected personal computer three days after the original infection, according to Olson.

That means that if Apple's steps prove ineffective in neutralising malware that has already infected Macs, the earliest victims will have their files encrypted on Monday, three days after the malicious program first appeared on the Transmission website, he said.

The Transmission site offers the open source software that was infected with the ransomware.

Palo Alto has released advice for Mac users on ways to check if they were infected with the virus and steps they can take to protect against it harming their data, Olson said.

Transmission is one of the most popular Mac applications used to download software, videos, music and other data through the BitTorrent peer-to-peer information sharing network, according to Olson.

Representatives with Transmission could not be reached immediately for comment.

The project's website on Sunday carried a warning saying that version 2.90 of its Mac software had been infected with malware.

It advised users to immediately upgrade to version 2.91 of the software, which was available on its website, or delete the malicious one.

It also provided technical information on how users could check to see if they were affected.