Ransomware is becoming more and more prevalent. We reported on this trend towards the end of last year and now Apple MAC systems are in the news.
KeRanger, the first, fully-functional ransomware targeting Mac computers has been shut down by Apple who pulled the application’s certificate so that it can’t be installed. The Transmission app, a BitTorrent client which was infected to include this ransomware was distributed from the official transmission website. Once installed the malware waits for 3 days and then “detonates” and begins encrypting files.
Whatever you do, don’t be tempted to pay the ransom to get back your files, it’s an extremely bad idea and you will only lose your money!
There is some concern that this malware is still under development and that the attackers may be trying to develop backdoor functionality that would encrypt users’ Time Machine backups, as well.
You can get full details about KeRanger from Malwarebytes blog.
The built-in anti-malware protection on Mac OS X is known as “Xprotect,” and this was modified by Apple to detect the threat, however, it’s only a simple protection method and doesn’t help with already infected systems.
If you have downloaded the Transmission app recently, you should delete the app and restart your computer. This should prevent the re-activation of the malware.
You can also detect and remove this malware with Malwarebytes Anti-Malware for Mac. Keep in mind, though, that any files that get encrypted before removal will be lost (unless they have been backed up and the backups are still intact).
Another ransomware nicknamed “locky” has recently been affecting Windows systems, It renames and scrambles files and demands you buy a decryption key through the “dark web”. The prices vary from ½ to 1 BTC (Bitcoin) which is worth about £290 at the moment.
If you want some serious detail about locky – take a look here.
If you would like to know more about ransomware, please get in touch.