Apple users, beware: First live Ransomware targeting Macs found ‘in the wild’

Mac users who have recently downloaded torrent software might be at risk of ransomware. Researchers recently identified the first known ransomware attack on Apple’s Mac computers, and by the time the threat was contained, 6000 downloads of the ransomware, named KeRanger, had already occurred. Victims confirm that their files were locked and that they were asked to pay a ransom to restore them.

Researchers at Palo Alto Networks, who detected the threat, say hackers infected Macs with the ransomware through an infected copy of Transmission. Transmission is a BitTorrent program that Mac users install on Apple’s OS X to download and share music and video content. The researchers say it was the first ransomware to actually work on Macs. In 2014 a similar Mac ransomware was detected, but it was incomplete at that time.

Hackers have long aimed to infect Mac OS X, but it has been tough for them because the OS has relatively few users. However, as the number of Mac OS X users increases, it becomes easier for them to develop malware. KeRanger marks the beginning of their breakthrough, and Mac users should be on the lookout.

The recent threat is a big disappointment for many Mac fans who trusted that the Mac was immune to the malware that is endemic to Windows PCs and other operating systems. Mac OS X has been considered secure because fewer devices use it than use Windows. While PCs can receive millions of attacks in a year, most Mac users have largely been able to stay out of the antivirus conversation until now.

KeRanger functioned by disabling operations: it locked up files and functionality until the user made a payment to the malware operators to remove the restriction. The payment was $400 in bitcoin.

The infection occurred when KeRanger, embedded within Transmission, was installed on Mac computers as Transmission was downloaded and installed. After a short time the malware would start encrypting files, locking users out of them and impairing the functionality of their machines. After encrypting files on the system, the malware demands that victims pay one bitcoin to an address in order to regain access to their files. The malware may still be under development, and future attacks might also succeed in encrypting backup files on the machine, which would completely prevent victims from working around the problem by restoring backup data.

The team from Palo Alto Networks was quick to notify Apple and Transmission of the threat. Apple has revoked the security certificate that KeRanger was improperly using. The company went even further by updating its XProtect antivirus. Transmission has also acted quickly, replacing the infected copies of the BitTorrent program on its website, and recommends that users immediately download and install its latest version, Transmission 2.92, which is built to automatically neutralize KeRanger on any infected Mac.

It is appropriate that you take the necessary precautions if you downloaded the Transmission software from its official website on the weekend of March 4-5, 201. Palo Alto Networks’ experts advise that all Transmission downloads from any site around this time are at high risk of infection.

How was KeRanger able to make it past Apple’s safeguards initially?

The hackers signed KeRanger with a genuine Mac app development certificate. There is a high chance it was sneaked through Apple’s security onto their servers. Since then Apple has tightened its server security.

It is also postulated that, because Transmission is open source, the project’s official website may have been hacked and its files replaced with malicious versions. However, no one is sure how the attack took place.

The threat from the attack has been dealt with by Apple and Transmission. However, this is a call to Mac users to be on the lookout in future, because such threats usually start out small in this way. Eventually the hackers develop the malware to the point that the damage it causes is large-scale. For now, Mac users should be careful about who they share files with, because the infection can be passed to them through the Transmission torrent software.