The First Known Mac Ransomware Campaign

We saw the first successful targeted campaign against Apple computers using dangerous software known as ransomware. Up until now, cyber criminals have typically targeted Microsoft users.

Ransomware is a gradually damaging type of software and one of the fastest-growing types of cyber threats right now. It works by encrypting data on infected devices and then (typically) asking users to pay a ransom in digital currencies in order to get an electronic key to retrieve their data.

Security experts say this malicious type of software is responsible for crimes that total hundreds of millions of dollars each year.

The malware is called “KeRanger” and was the first functioning ransomware to attack Apple’s Mac computers. The hackers cleverly attacked through the BitTorrent peer-to-peer file-sharing network. Mac computers were infected when users downloaded a new version of a program called “Transmission,” which is used to transfer data in BitTorrent.

After infecting a Mac, KeRanger stays quiet for three days before connecting to the server and encrypting files so the user is unable to access them. Once the encryption, which happens unbeknownst to the victim, is complete, KeRanger demands a ransom of 1 bitcoin (the equivalent of about $400) for the user to get their data restored.

Luckily for all, Apple acted quickly to prevent any further infections. It removed a digital certificate that allowed the software to install on Macs. Transmission then removed the malicious version (2.90) containing the ransomware from its websites and released a version that would automatically remove the ransomware if the Mac was infected.

Finally, Transmission released a new update, Transmission version 2.92, for users to install if they suspected they could have been infected. The total count of those affected was fewer than 7,000.