Hackers Developed Ransomware for Mac Computers

Posted on April 15, 2016.

For several years, ransomware has been a profitable business for malware developers. It has primarily targeted machines running Windows because of that operating system's large market share, but infections have recently expanded to mobile devices, Linux servers, and now even machines running Apple's OS X operating system.

On March 4, 2016, Palo Alto Networks, a security firm, discovered that OS X versions of Transmission, a popular cross-platform BitTorrent client, had been infected with a new type of ransomware for Mac computers that they dubbed “KeRanger.” The infection has only been found in the 2.90 version of the Transmission client, and it has not infected versions for other platforms, such as Windows or Linux.

It has been speculated that the official Transmission Web site was compromised and that legitimate versions of the OS X Transmission client were replaced with versions containing the malicious software. The infected versions have since been removed, and Transmission users on OS X are encouraged to upgrade to the 2.92 version of the Transmission client, which should remove the older version.
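A quick way to see which Transmission version a Mac has installed, as an added example that is not from Palo Alto Networks or the Transmission project: it reads the `CFBundleShortVersionString` key of each bundle's `Info.plist` and compares it with the 2.90 and 2.92 versions named above. The `Transmission*.app` bundle name, the `/Applications` location and the sample plists are assumptions, and the check reports the version only, not whether the binary itself was tampered with.

```python
import plistlib
import re
from pathlib import Path

AFFECTED = (2, 90)  # version the article says carried KeRanger
FIXED = (2, 92)     # version the article says to upgrade to


def parse_version(text):
    """Turn '2.90' into (2, 90); anything after major.minor is ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", text)[:2])


def classify(info_plist_bytes):
    """Return (version_string, verdict) for one Info.plist (XML or binary)."""
    info = plistlib.loads(info_plist_bytes)
    version = str(info.get("CFBundleShortVersionString", ""))
    parsed = parse_version(version)
    if not parsed:
        return version, "unknown"
    if parsed == AFFECTED:
        return version, "affected"
    if parsed < FIXED:
        return version, "upgrade"
    return version, "ok"


def scan(apps_dir="/Applications"):
    """Classify every Transmission bundle found under apps_dir (assumed path)."""
    results = {}
    for plist in Path(apps_dir).glob("Transmission*.app/Contents/Info.plist"):
        bundle = str(plist.parent.parent)
        try:
            results[bundle] = classify(plist.read_bytes())
        except Exception:  # unreadable or malformed plist: report, do not crash
            results[bundle] = ("", "unreadable")
    return results


def sample_plist(version, binary=False):
    """Constructed Info.plist bytes for offline testing; not a real bundle."""
    fmt = plistlib.FMT_BINARY if binary else plistlib.FMT_XML
    return plistlib.dumps({"CFBundleShortVersionString": version}, fmt=fmt)


if __name__ == "__main__":
    for v in ("2.84", "2.90", "2.92"):
        print("sample", classify(sample_plist(v)))
    for bundle, result in scan().items():
        print(bundle, result)
```

An "affected" result means the bundle should be replaced with 2.92 as described above; "upgrade" marks any other version older than 2.92.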

The malicious software was signed using an official Mac development certificate, which allowed it to bypass Apple's Gatekeeper feature that prevents the installation of potentially dangerous software; the certificate has since been revoked. Once installed, KeRanger waits 72 hours and then uses the Tor network to communicate with a control server, after which it encrypts a user's files and demands 1 bitcoin, or just over $400, to release them. The software also targets Time Machine backup files, preventing users from restoring earlier versions of their files.

To prevent ransomware for Mac computers from infecting your machine, you should keep your version of OS X updated and install a third-party anti-virus program. You should also make regular backups of your important files to an external device that is disconnected between uses, and install firewall software, which will prevent unauthorized programs from accessing the Internet and prevent outside computers from accessing your machine.