PhotoResearchers at Palo Alto Networks say they discovered what appears to be the first ransomware attack on Apple MacIntosh users over the weekend.

Ransomware is a particularly scary form of malware. Once downloaded to a computer or network, it encrypts all files. The operator will only provide a key to unlock the encryption if the victim agrees to pay a ransom using Bitcoins.

“On March 4, we detected that the Transmission BitTorrent client installer for OS X was infected with ransomware, just a few hours after installers were initially posted,” Palo Alto posted on its website.

“We have named this Ransomware KeRanger. The only previous ransomware for OS X we are aware of is FileCoder, discovered by Kaspersky Lab in 2014. As FileCoder was incomplete at the time of its discovery, we believe KeRanger is the first fully functional ransomware seen on the OS X platform.”

Hospital paid ransom

In a high profile case last month, Hollywood Presbyterian Medical Center paid a $17,000 ransom after its files were encrypted.

Ransomware has become highly profitable for cybercriminals, but in the past they have targeted systems running Microsoft Windows. In this latest case, Palo Alto Networks said the hackers were successful in the Mac attack through a compromised copy of Transmission, a widely-used program to transfer data.

“Attackers infected two installers of Transmission version 2.90 with KeRanger on the morning of March 4,” Palo Alto Networks reports. “When we identified the issue, the infected DMG files were still available for downloading from the Transmission site.

The company said it is possible that Transmission’s official website was compromised and the files were replaced by re-compiled malicious versions, but said it can’t confirm how this infection occurred.

Advice for consumers

Most consumers victimized by ransomware fall into the trap by clicking on a link in an email. Since a growing number of consumers now know not to do that, scammers are working extra hard to trick them.

The Federal Trade Commission (FTC) warns that one of the latest tricks is to send what looks like a courtesy email to track a package. With the growing popularity of online shopping, the chances a recipient of the phishing email has actually just ordered something are great, and the target might be more likely to click on a link.

Besides diligence, the FTC says the best way to protect yourself from the ransomeware threat is to faithfully back up your data. If you back up to an external hard drive, make sure it is connected to your PC only when it is actively receiving files.


Share your Comments