Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Apple
    • Apple
    • Cybersecurity

    First Mac Ransomware Poses Little Risk for Users

    By
    Robert Lemos
    -
    March 8, 2016
    Share
    Facebook
    Twitter
    Linkedin
      Mac ransomware

      A ransomware group targeted Mac users with the first fully functional malware program capable of encrypting data and demanding a ransom of 1 Bitcoin, about $412, for providing the key to unlock the data, Palo Alto Networks said on March 7.

      Users of the open-source Transmission Bittorrent client, who downloaded the latest version of that software on March 4, may have infected their system with the malware, dubbed KeRanger by Palo Alto. Because the security firm identified the threat within six hours of its posting and warned Apple and the developers that the open-source software had been infected, the ransomware’s impact will likely be blunted, Ryan Olson, director of threat intelligence for Unit 42, the research group at Palo Alto Networks, told eWEEK.

      “We will see now whether people report whether they had files encrypted, but we think the impact will be small because we were able to work quickly to find this and work with our peers in the industry to remove the threat before it had an impact,” Olson said.

      KeRanger is designed to encrypt more than 300 different file types on Macs and to replace the files with encrypted versions. After installation, however, KeRanger waits three days before starting its encryption cycle, a technique that can foil some defenders’ attempts to detect potentially malicious files. In this case, Palo Alto hoped the delay allowed users to uninstall the malicious program before it started its encryption routine, Olson said.

      While ransomware is a very successful attack on Windows systems, making criminals millions of dollars in payments, the Mac had not seen a significant ransomware attack. However, the advent of KeRanger shows that criminals are targeting the operating system.

      The ransomware attack took a lot of effort, Olsen said. Not only did the criminals write the malware, but they also had to steal a legitimate software certificate to bypass Apple’s Gatekeeper software for blocking non-legitimate apps.

      In addition, the criminals behind the malware had to somehow gain access to the site from which the Transmission Bittorrent client could be downloaded. On March 4, the criminals replaced the Transmission client with a copy infected with the KeRanger malware. Any users who downloaded version 2.90 of the program are at risk of being infected by the malware, Palo Alto Networks warned on March 6.

      The Transmission project posted a warning on its Website for its users.

      “Everyone running 2.90 on OS X should immediately upgrade to and run 2.92, as they may have downloaded a malware-infected file,” the company stated. “This new version will make sure that the ‘OSX.KeRanger.A’ ransomware … is correctly removed from your computer.”

      KeRanger is not the first attempt to use ransomware against Mac OS X users. In June 2014, antivirus firm Kaspersky Lab found an unfinished program on malware-classification site VirusTotal. The ransomware, dubbed FileCoder, appeared to have been an early test version of a program that had not been completed.

      “At this point, it became totally clear that (FileCoder) is a relatively harmless program, which could be turned into a fully functioning Trojan encrypter demanding money from its victims, but for some reason this had not been done,” Kaspersky Lab stated at the time.

      Robert Lemos
      Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's written for Ars Technica, CNET, eWEEK, MIT Technology Review, Threatpost and ZDNet. He won the prestigious Sigma Delta Chi award from the Society of Professional Journalists in 2003 for his coverage of the Blaster worm and its impact, and the SANS Institute's Top Cybersecurity Journalists in 2010 and 2014.

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×