The First Case of Apple's OS X Ransomware Was Reported in BitTorrent Client App

By Staff Writer

Mar 07, 2016 06:28 AM EST

The first reported OS X ransomware to be widely deployed was detected last week. It was found in the BitTorrent client app Transmission. The malware encrypts the affected user's hard drive and demands payment to decrypt the disk so that the user can access their data again.

Palo Alto Networks, which first detected the ransomware, named it "KeRanger". The company reported that attackers infected two installers of Transmission version 2.90 with KeRanger on March 4. Transmission is an open source project, available to download from its official website. How the infection occurred has not been confirmed, but it's possible that Transmission's official website was compromised and the files were replaced with modified, malicious versions.

When a user downloads and installs the infected app, KeRanger waits for three days before connecting to some servers and beginning to encrypt files on the system. KeRanger was reported to target 300 different file extensions, including documents, images, audio and video, archives, source code, and email. After completing the encryption, the malware demands that victims pay one bitcoin (about $400) to decrypt their files and regain access to them. Moreover, KeRanger seems to still be under active development, as it's also attempting to encrypt Time Machine backup files, preventing victims from recovering their backup data.

The developers of Transmission have responded by removing the malicious version from the website, www.transmissionbt.com. Transmission's official website advised users to immediately install the new update, version 2.92, as reported by Reuters. Transmission claimed that the new version will automatically remove the ransomware from infected Macs.

Apple has also responded to prevent further infections. The tech giant has revoked a digital certificate that enabled the rogue software to install on OS X devices. Apple used its Gatekeeper system to prevent new installations of the infected software.

According to The Verge, ransomware has hit headlines in recent months, with victims told to pay a ransom to the malware operators to remove restrictions the malware has imposed. In February, it was reported that one LA hospital had to pay $17,000 to regain control of its computer systems after being infected by ransomware operated by an unknown group. However, the KeRanger case is the first to target OS X users and be successfully deployed.

Apple's OS X was hit for the first time by malware, specifically ransomware that demands payment to give users back access to their system. Both the developers of the infected app and Apple itself have responded to the threat, and infected users are not advised to make the payment.

© 2024 VCPOST, All rights reserved. Do not reproduce without permission.
