MENU

First Mac Ransomware Goes After OS X Users: What You Need To Know About KeRanger Malware

Close

The ransomware dubbed KeRanger is making rounds on Macs running OS X via Transmission, a BitTorrent client that's compatible with multiple operating systems.

Palo Alto uncovered this particular malware a few days ago on March 4, noting that this is the first fully functional ransomware on the OS X.

It's also worth mentioning that there was another one of its kind called the FileCoder, which Kaspersky discovered back in 2014, but it turned out to be incomplete and unable to function, technically making KeRanger the real first ransomware on the platform.

"This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom," Ryan Olson, threat intelligence director at Palo Alto, tells Reuters in a phone interview.

As Olson explains, the malicious software is capable of encrypting the victim's hard drive after three days of its installation. It will then demand a ransom to unlock the sealed data. In this case, the cost is 1 bitcoin or $400.

According to Palo Alto, the cyber culprits targeted two installers of Transmission version 2.90 on the day the researchers of the security company encountered it. At the time that it identified the issue, the infected DMG files were still up and running.

"Transmission is an open source project. It's possible that Transmission's official website was compromised and the files were replaced by re-compiled malicious versions, but we can't confirm how this infection occurred," Palo Alto says.

Apple was quick to take safety measures when they learned of the ransomware on March 4. A spokesperson for the Cupertino brand says that it implemented counteractions over the weekend, revoking a "digital certificate that enabled the rogue software to install."

To further prevent KeRanger from spreading, the people behind Transmission also swiftly developed a clean version of the app, advising users to update as soon as they can. They also noted that the new version 2.92 will actively remove the ransomware.

"Everyone running 2.90 on OS X should immediately upgrade to and run 2.92, as they may have downloaded a malware-infected file. This new version will make sure that the 'OSX.KeRanger.A' ransomware is correctly removed from your computer," Transmission says.

For those who have fallen victim, the best course of action would probably be to restore a system backup.

Ransomware has been hitting the headlines recently, particularly the attack on the Hollywood Presbyterian Medical Center.

Needless to say, every user on every operating system can be affected by malware, so it would be a good idea to stay on your toes online.

ⓒ 2018 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Real Time Analytics