First Mac OS X Ransomware Targets Apple Users

Another Mac OS Virus/Malware successful attack, we often hear Apple devices are on a closed OS and are not susceptible to the unwanted Virus/Malware type attacks but Virus outbreaks of the Flashback virus to Mac systems and Wire Lurker attacks on iPads and phones are proof Apple’s Mac OS and other products are in fact devices that need security protection and careful consideration when using them.

Now The World’s first fully functional Ransomware targeting OS X operating system has been landed on Macs.

Ransomware one of the fastest-growing cyber threats encrypts the important documents and files on infected machines and then asks victims to pay ransoms in digital currencies so they can regain access to their data.

As security researchers from Palo Alto Networks claims to have discovered the very first known instance of OS X Ransomware in the wild, called “KeRanger” attacking Apple’s Macintosh computers, firm’s Threat Intelligence Director Ryan Olson told Reuters.

 

Here’s How KeRanger Works
 

Once a victim installs the infected versions of the app, KeRanger malware embeds itself in the victim’s machine and encrypts the hard drive containing important documents, images and videos files, as well as email archives and databases after three days.

The KeRanger malware then asks the victim to pay 1 Bitcoin (~ $410) as the ransom amount to allow him/her to decrypt the hard disk and regain access to their important files.

The malware imposes a 72-hour lockout window unless the payment is made.
 

How to Protect yourself against KeRanger

The security researchers suggested users to check for the existence of the following files in their machines:

/Applications/Transmission.app/Contents/Resources/General.rtf
/Volumes/Transmission/Transmission.app/Contents/Resources/ General.rtf

 

If any of the above-mentioned file exists, your Transmission app is likely infected with the new ransomware.

The malicious code also has a process name of “kernel_service”, “kernel_pid”, “.kernel_time” or “.kernel_complete,” which can be killed, and stores its executable in the ~/Library directory. Delete these files if exist.

 

Upgrade to Version 2.91 of Transmission

Soon after, the Transmission developers released an updated version 2.92 of Transmission to ensure the KeRanger’s malware files is actively removed.

So, if you had downloaded a vulnerable copy of Transmission from the web before the weekend, you must uninstall it now and upgrade to a clean 2.92 version of the software.

 

“Everyone running 2.90 on OS X should immediately upgrade to 2.91 or delete their copy of 2.90, as they may have downloaded a malware-infected file,” Transmission posted this message in Red on its website.

 

Specifically, downloads of Transmission version 2.90 were infected with the nasty ransomware code that will encrypt your files after 3 days and demand a payment of $410 in Bitcoin to regain control.

However, it is worth noting that KeRanger has currently been detected only in the Transmission app for Mac. But, if the malware is widespread, it could affect other common Mac apps as well.