'KeRanger' ransomware: What Mac users need to know

A new type of ransomware, called ‘KeRanger,’ emerged Friday as the first fully functioning version of the malware that attacks Apple’s Mac computers.

Hackers targeted Apple customers using ransomware for the first time over the weekend in a cyberattack that highlights the malware’s growing threat to companies and individuals alike, researchers with Palo Alto Networks, Inc. said Sunday.

This particular attack only affects users of the BitTorrent client Transmission. However, the introduction of the malicious code to Mac computers is troubling, because Apple products have long been considered shielded from such attacks.

Ransomware, which seizes a target’s files and data until they pay up, is one of the most rapidly-evolving types of cyberthreats – and security experts estimate that ransoms amount to hundreds of millions of dollars a year, mostly from cybercriminals targeting Microsoft Corp.’s Windows operating system. On Friday, the “KeRanger” malware emerged as the first functioning ransomware that attacks Apple’s Mac computers.

“This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom,” Palo Alto Threat Intelligence director Ryan Olson told Reuters.

Between 2013 and 2015, McAfee Labs researchers saw the total samples of ransomware surge from fewer than 1.5 million to more than 4 million. About 1.2 million were new variants of the malware in 2015, compared to only 400,000 in 2013, the researchers reported.

Hackers target a range of victims, from professional website designers to police departments. In February, hackers used ransomware to hold hostage patient electronic records at the Hollywood Presbyterian Medical Center, which ended up paying $17,000 in bitcoin to retrieve the data.

“Most types of malware are stealthy and you have no idea you are infected. Ransomware is right in your face,” said Keith Jarvis, a senior security researcher with the Counter Threat Unit research team at Dell Secureworks, to The Christian Science Monitor in 2015. “Some users don’t have a choice. They need their files back.”

The latest attack involved hackers using a tainted copy of a popular program called Transmission, used to transfer data through the peer-to-peer file sharing network BitTorrent, according to a blog post published by Palo Alto on Sunday. When Mac users downloaded version 2.90 of Transmission, released Friday, KeRanger invaded their computers and demanded a ransom of 1 bitcoin, or about $400, the blog said.

To prevent further infections, Apple has revoked a digital certificate that enabled the malware to install on Macs, according to a company representative, who declined to give further details.

But while the attack may seem to suggest that Mac is becoming less secure, some say it is more a reflection of the evolving nature of security threats. “[T]he nature of software security threats is constantly changing – those things which kept us safe last year don’t necessarily keep us safe now,” writes technology reporter Jonny Evans for ComputerWorld.

Users can also take preemptive steps to protect themselves. In an essay for the Monitor’s Passcode, cybersecurity specialists Paul Ferrillo and Austin Berglas urge companies to train employees to be aware of links in emails, even when the messages appear to have come from their employer, bank, or colleagues. Companies should also develop a backup policy that helps identify and address a problem before it becomes a crisis, Mr. Ferrillo and Mr. Berglas write.

Individuals, too, can avoid having to pay ransoms by regularly updating software, backing up their files to an external hard drive, enabling popup blockers, and employing reputable firewalls and antivirus software.

“Unfortunately,” Ferrillo and Berglas write, “ransomware is here to stay despite efforts by security companies to identify and locate encryption keys. It is a relatively cheap, effective way to steal money from companies and individuals.

“But with some preparation and vigilance on the part of consumers and businesses,” they add, “we can ward off these digital Grinches using ransomware to swipe our loot.”

This report contains material from Reuters.
