Ransomware news: KeRanger ransomware caught before spreading like wildfire on Macs


Security experts have discovered the first ransomware designed specifically for Apple machines. It is disguised inside a BitTorrent file-sharing program that is used to download files on the OS X operating system.

Researchers at Palo Alto Networks, a cyber-security firm based in California, were the first to detect the ransomware and dubbed it "KeRanger" last March 4. The infected program was the installer for Transmission version 2.90, and it is possible that the website of the open-source BitTorrent client was compromised as well. However, the tech company cannot confirm how the infection happened.

An infected Mac will show no immediate sign that something is amiss for the first three days. KeRanger then establishes contact with its server, starts encrypting the user's files, and demands one bitcoin, worth $400, from the owner of the machine. The experts added that Time Machine backup files are also encrypted in the process, so there is really no option for the victim but to pay the ransom.

Ryan Olson, director of threat intelligence at Palo Alto Networks, said, as quoted by Threatpost, "Our best guess at this point is that approximately more than 6,500 infected disk images were downloaded. Of those, our presumption is that many were unable to run the infected file due to Apple quickly revoking the certificate used to sign the binary, as well as updating the XProtect definitions."

Olson added, "We're waiting on confirmation from Apple on that."

Since then, Apple has taken the necessary steps to prevent further damage from KeRanger. The XProtect antivirus for Macs has been updated and Transmission's digital certificate has been revoked. Transmission, for its part, took down version 2.90 and replaced it with version 2.92 on Sunday. The latest version is said to be able to remove the ransomware from infected Macs, as Reuters reported.

Back in 2014, Kaspersky Lab intercepted FileCoder, also a ransomware, but it was only half-baked when discovered.
