
'KeRanger' ransomware: What Mac users need to know

A new type of ransomware, called ‘KeRanger,’ emerged Friday as the first fully functioning version of the malware that attacks Apple’s Mac computers.


Hackers targeted Apple customers using ransomware for the first time over the weekend in a cyberattack that highlights the malware’s growing threat to companies and individuals alike, researchers with Palo Alto Networks, Inc. said Sunday.

This particular attack only affects users of the BitTorrent client Transmission. However, the introduction of the malicious code to Mac computers is troubling, because Apple products have long been considered shielded from such attacks.

Ransomware, which seizes a target’s files and data until they pay up, is one of the most rapidly-evolving types of cyberthreats – and security experts estimate that ransoms amount to hundreds of millions of dollars a year, mostly from cybercriminals targeting Microsoft Corp.’s Windows operating system. On Friday, the “KeRanger” malware emerged as the first functioning ransomware that attacks Apple’s Mac computers.

“This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom,” Palo Alto Threat Intelligence director Ryan Olson told Reuters.

Between 2013 and 2015, McAfee Labs researchers saw the total samples of ransomware surge from fewer than 1.5 million to more than 4 million. About 1.2 million were new variants of the malware in 2015, compared to only 400,000 in 2013, the researchers reported.

Hackers target a range of victims, from professional website designers to police departments. In February, hackers used ransomware to hold hostage patient electronic records at the Hollywood Presbyterian Medical Center, which ended up paying $17,000 in bitcoin to retrieve the data.

“Most types of malware are stealthy and you have no idea you are infected. Ransomware is right in your face,” said Keith Jarvis, a senior security researcher with the Counter Threat Unit research team at Dell Secureworks, to The Christian Science Monitor in 2015. “Some users don’t have a choice. They need their files back.”

The latest attack involved hackers using a tainted copy of a popular program called Transmission, used to transfer data through the peer-to-peer file sharing network BitTorrent, according to a blog post published by Palo Alto on Sunday. When Mac users downloaded version 2.90 of Transmission, released Friday, KeRanger invaded their computers and demanded a ransom of 1 bitcoin, or about $400, the blog said.

To prevent further infections, Apple has revoked a digital certificate that enabled the malware to install on Macs, according to a company representative, who declined to give further details.

But while the attack may seem to suggest that Mac is becoming less secure, some say it is more a reflection of the evolving nature of security threats. “[T]he nature of software security threats is constantly changing – those things which kept us safe last year don’t necessarily keep us safe now,” writes technology reporter Jonny Evans for ComputerWorld.

Users can also take preemptive steps to protect themselves. In an essay for the Monitor’s Passcode, cybersecurity specialists Paul Ferrillo and Austin Berglas urge companies to train employees to be aware of links in emails, even when the messages appear to have come from their employer, bank, or colleagues. Companies should also develop a backup policy that helps identify and address a problem before it becomes a crisis, Mr. Ferrillo and Mr. Berglas write.

Individuals, too, can avoid having to pay ransoms by regularly updating software, backing up their files to an external hard drive, enabling popup blockers, and employing reputable firewalls and antivirus software.

“Unfortunately,” Ferrillo and Berglas write, “ransomware is here to stay despite efforts by security companies to identify and locate encryption keys. It is a relatively cheap, effective way to steal money from companies and individuals.

“But with some preparation and vigilance on the part of consumers and businesses,” they add, “we can ward off these digital Grinches using ransomware to swipe our loot.”

This report contains material from Reuters.
