First Mac OS X Ransomware Targets Apple Users

Mac OS X was long considered the safest operating system, but a new ransomware has recently been discovered targeting it. This came as a major surprise, because ransomware had mostly targeted and attacked the Windows platform. The discovery was reported by the security research team of Palo Alto Networks, which claims to have found one such ransomware, “KeRanger”. If the reports are to be believed, this is the first instance of Mac OS X being targeted by ransomware. This was stated to Reuters by Apple’s Macintosh Computers Threat Incharge and Director Ryan Oslo.

How KeRanger Targeted Mac

It is worth understanding how the first fully functional ransomware reached Mac systems. The source was freeware: the malware came bundled with the Transmission BitTorrent client. It was recently announced that version 2.90 of the Mac BitTorrent client might have been infected with this malware, so users were urged to update to 2.92 immediately, since the previous version was infected and unsafe to use. The attack used a tainted copy of Transmission, a widely used program for sharing files over BitTorrent. Most alarming, more than 6500 downloads of the infected files were reported. Mac security experts are worried, as this was the first time Mac systems were attacked and targeted in this way. Although this is the first instance, more attacks may become common in the coming days, since there are many Mac systems that could be vulnerable and an easy target for hackers.

Once “KeRanger” gets onto Mac OS X, it encrypts the files on the hard drive and later demands a ransom for decryption. If such incidents become widespread, the Mac will no longer be a better option than Windows. Apple, however, took immediate steps to block this first-of-its-kind attack by file-encrypting ransomware, and revoked the certificate that was present on the tainted version of the freeware. Transmission also warned Mac users to upgrade to the recent 2.92 version of Transmission BitTorrent and immediately removed the infected 2.90 version from its website, a step towards preventing the malware from spreading further. It appears that hackers might have uploaded a tampered version of Transmission to its official website and possibly compromised the legitimate application. The tainted version was found to be signed with a legitimate Apple developer certificate, which allowed the malicious code to be installed. With the default setting that permits installing apps from Mac developers, this might have resulted in the malware being downloaded and installed on Mac machines.
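The version guidance above (2.90 possibly tainted, 2.92 recommended) can be turned into a quick audit of installed copies. The following is an added example, not code from Palo Alto Networks, Apple or Transmission; it assumes the standard macOS bundle layout (`Contents/Info.plist` with `CFBundleShortVersionString`), and the helper names and sample bundles are constructed for illustration. A 2.90 label means the copy needs checking, not that it is confirmed infected.

```python
import plistlib
import tempfile
from pathlib import Path

TAINTED = (2, 90)  # release the article reports as possibly infected
FIXED = (2, 92)    # release the article says to upgrade to


def bundle_version(app_path):
    """Return CFBundleShortVersionString from an app bundle, or None."""
    info = Path(app_path) / "Contents" / "Info.plist"
    try:
        with info.open("rb") as fh:
            data = plistlib.load(fh)
    except Exception:  # missing, unreadable or malformed plist
        return None
    return data.get("CFBundleShortVersionString") if isinstance(data, dict) else None


def classify(version_text):
    """Map a version string to 'tainted-release', 'outdated', 'ok' or 'unknown'."""
    try:
        version = tuple(int(part) for part in version_text.strip().split("."))
    except (AttributeError, ValueError):
        return "unknown"
    if version[:2] == TAINTED:
        return "tainted-release"
    return "outdated" if version < FIXED else "ok"


def audit(app_path):
    """Return (version string or None, verdict) for one app bundle."""
    version = bundle_version(app_path)
    return version, classify(version)


def make_sample_bundle(root, version):
    """Constructed fixture: a minimal .app directory holding only Info.plist."""
    app = Path(root) / f"Transmission-{version}.app"
    (app / "Contents").mkdir(parents=True)
    with (app / "Contents" / "Info.plist").open("wb") as fh:
        plistlib.dump({"CFBundleShortVersionString": version}, fh)
    return app


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for v in ("2.84", "2.90", "2.92"):
            print(audit(make_sample_bundle(tmp, v)))
        print(audit(Path(tmp) / "Missing.app"))
```

On a real Mac, pass the path of the installed bundle to `audit()`; a version string alone cannot prove a copy is clean, so treat `ok` as "matches the recommended release", not as a malware scan result.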

Strategy Used by KeRanger Ransomware

Once this ransomware makes its way onto a Mac, it waits 2-3 days before activating. It then connects to a remote server over the Tor system. It has been maliciously coded to infect as many as 300 different files, encrypting all of them, and it then demands a ransom of 1 bitcoin, which amounts to $404. It was designed in such a way that it can easily bypass security software to invade the system. What if the infected files were the ones most important to you? This is why regular file backups are always stressed. Ransomware targeting the Windows platform was fairly common, but it is now shifting to Mac OS X as well, and there has been a drastic increase in such malware attacks over time. Attackers mostly target large companies so that they can collect a hefty ransom for file decryption. Previously, attacks were limited to consumers and personal computers, fetching a few dollars, but things have changed drastically and scammers are attempting something bigger now and in the days to come.

If a system has been infected with this ransomware, sooner or later important files are likely to be lost to encryption, as the malware can take up to 3 days or more to become fully functional and start encrypting files. It is time to be highly cautious, as malware attacks are on the rise. Even if you are using a Mac, your operating system is not foolproof against cyber threats. So it is high time to scan your system and stay protected from such attacks in the near future.

Source: http://www.pcworld.com/article/3040987/security/apple-shuts-down-first-ever-ransomware-attack-against-mac-users.html