First Mac OS X Ransomware Targets Apple Users
Mac users, even you are not left untouched by ransomware!
The world’s first fully functional ransomware targeting the OS X operating system has landed on Macs.
Ransomware – one of the fastest-growing cyber threats – encrypts the important documents and files on infected machines and then asks victims to pay ransoms in digital currencies so they can regain access to their data.
Though ransomware has been targeting smartphones and Windows computers for a while, Mac OS X users haven’t really had to worry about this threat… until now!
A Managed Services Program from A Geek To Go! could help prevent or even remedy such an event.
The KeRanger ransomware, which appeared on Friday, comes bundled into the popular Mac app Transmission, a free and open-source BitTorrent client for Mac with millions of active users.
Here’s How KeRanger Works
Once a victim installs an infected version of the app, the KeRanger malware embeds itself in the victim’s machine and, after three days, encrypts the hard drive, including important documents, image and video files, email archives and databases.
The malware imposes a 72-hour lockout window unless the payment is made.
Though it is still unclear how the hackers managed to compromise the app and upload the infected files, it is believed that the hackers managed to hack the Transmission website as the site was served via HTTP rather than HTTPS.
How to Protect yourself against KeRanger
The security researchers suggested that users check for the existence of the following files on their machines:
- /Volumes/Transmission/Transmission.app/Contents/Resources/General.rtf
If any of the above-mentioned files exists, your Transmission app is likely infected with the new ransomware.
The malicious code also has a process name of “kernel_service”, “kernel_pid”, “.kernel_time” or “.kernel_complete,” which can be killed, and stores its executable in the ~/Library directory. Delete these files if they exist.
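The checks described above can be scripted. The following is an added example, not code from the article, the researchers or the Transmission project; the function names and the "scan" argument are assumptions of this sketch, and the indicator names and the General.rtf path are copied from the text above as printed. It reports what it finds and deletes nothing.

```shell
#!/bin/sh
# Added example: report the KeRanger indicators named in the article.
# Names and the General.rtf path are copied from the article as printed there.
KERANGER_NAMES="kernel_service kernel_pid .kernel_time .kernel_complete"
KERANGER_RTF="Volumes/Transmission/Transmission.app/Contents/Resources/General.rtf"

# check_files ROOT HOME_DIR
# Prints every indicator file that exists; returns 1 if any was found, else 0.
check_files() {
    root=${1%/}; home=$2; found=0
    if [ -e "$root/$KERANGER_RTF" ]; then
        echo "FOUND file: $root/$KERANGER_RTF"; found=1
    fi
    for name in $KERANGER_NAMES; do
        if [ -e "$home/Library/$name" ]; then
            echo "FOUND file: $home/Library/$name"; found=1
        fi
    done
    return $found
}

# check_procs: reads one command name or path per line on stdin
# (for example the output of `ps -A -o comm=`); returns 1 on any match.
check_procs() {
    found=0
    while IFS= read -r comm; do
        base=${comm##*/}    # compare the file name only, not the directory
        for name in $KERANGER_NAMES; do
            if [ "$base" = "$name" ]; then
                echo "FOUND process: $comm"; found=1
            fi
        done
    done
    return $found
}

# scan [ROOT] [HOME_DIR]: both checks; ROOT may be a mounted backup volume.
scan() {
    status=0
    check_files "${1:-/}" "${2:-$HOME}" || status=1
    ps -A -o comm= | check_procs || status=1
    if [ "$status" -eq 0 ]; then echo "No indicators from the article found"; fi
    return $status
}

# Run only when asked, so the functions can also be sourced and reused.
if [ "${1:-}" = "scan" ]; then shift; scan "$@"; fi
```

Save it to a file and run it with `sh` and the argument `scan`; a non-zero exit status means at least one indicator was reported.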
Upgrade to Version 2.91 of Transmission
Soon after, the Transmission developers released an updated version 2.92 of Transmission to ensure the ‘KeRanger’ malware files are actively removed.
So, if you had downloaded a vulnerable copy of Transmission from the web before the weekend, you must uninstall it now and upgrade to a clean 2.92 version of the software.
“Everyone running 2.90 on OS X should immediately upgrade to 2.91 or delete their copy of 2.90, as they may have downloaded a malware-infected file,” reads the message Transmission posted in red on its website.
Specifically, downloads of Transmission version 2.90 were infected with the nasty ransomware code that will encrypt your files after 3 days and demand a payment of $410 in Bitcoin to regain control.
However, it is worth noting that KeRanger has currently been detected only in the Transmission app for Mac. But, if the malware is widespread, it could affect other common Mac apps as well.