News

March 8, 2016

Ransomware Targets Apple Users!

For years, Mac users were left out of the wicked world of Internet viruses like ransomware. For years, they had their noses up at PC users. But all that has changed. The world’s first fully functional ransomware is now targeting OS X operating systems.

What is ransomware?

Ransomware is one of the fastest growing cyber threats. It encrypts the important documents on your computer and asks the victims to pay ransoms in digital currencies in order to gain access to their data.

What is KeRanger?

The first OS X ransomware is called KeRanger. It comes bundled in the Mac app Transmission, a free and open-sourced BitTorrent client for Mac with millions of users. About 6,500 users downloaded the infected software.

How does KeRanger work?

Once your computer is infected, it embeds itself in your machine and encrypts your hard drive after 3 days. KeRanger then asks you to pay 1 Bitcoin, approximately $410, to decrypt your hard disk and regain access to your files. The malware has a 72-hour lockout window unless payment is made.

How can I protect myself against KeRanger?

Check if the following files are on your computer:

  • /Applications/Transmission.app/Contents/Resources/General.rtf
  • /Volumes/Transmission/Transmission.app/Contents/Resources/ General.rtf

If they are, your Transmission app is likely infected. KeRanger also has process names like “kernel_service,” “kernel_pid,” “kernel_time,” or “kernel_complete” which can be killed. They are stored in the ~/Library directory. Delete these files if they exist.

Time for an upgrade

Soon after, Transmission developpers released an updated version 2.92 to remove the KeRanger malware files. If you downloaded a vulnerable copy of Transmission before the weekend, uninstall it now and upgrade to the clean and malware free 2.92 version. If you are running version 2.90 or 2.91 on OS X, immediately upgrade to 2.92.

No one is safe

Mac users are no longer as safe as they thought they were, which means they should be mindful with their Internet usage and downloading. Stay informed, keep timely backups, and make sure your Mac is free of KeRanger as soon as possible!

Most importantly, start asking your IT provider how they can help you take the necessary precautions! Genatec has been quick to respond to this new threat and can help you protect yourself as well as get you out of trouble, just ask us how by calling 1-877-855-1223.

Related Posts