The first ransomware attack targeting Macs

This week, new ransomware was detected affecting some Mac users. Ransomware has been a popular criminal business model targeting Windows users for a while now, but this new ransomware, called KeRanger, is the first to specifically target Mac OS X machines.

What is ransomware?

Ransomware is a kind of malware that imposes a lockout, preventing you from using your computer until you pay a ransom. If you do not pay, you risk having your data completely wiped after the lockout period.

The KeRanger malware lies dormant on affected machines for 3 days before requesting the ransom. KeRanger then gives victims a 72-hour lockout window before total data destruction, unless a ransom of 1 bitcoin is paid (approximately 552.41 AUD at the time of writing).

Am I at risk?

The KeRanger malware was first discovered in rogue versions of Transmission, a popular BitTorrent client. Shortly after the discovery, Transmission requested that all users running the affected version immediately upgrade or delete their copy, in case they had downloaded a malware-infected file.

The attack is another demonstration of the risks involved with peer-to-peer file sharing, such as BitTorrent. Whilst this particular attack has been limited to the Transmission BitTorrent client, it is not hard to imagine future attacks spreading through other file and email channels.

For Mac users, now is the time to be more vigilant about opening email attachments and website downloads.

What can I do about it?

The only foolproof defence against these attacks is a regular offline backup. This means a backup that is not constantly connected to your Mac.
If you are unsure whether you have this in place, or need help setting up an offline backup, please feel free to get in touch.

For our clients with a Mac Aid Monitoring service, a report will be received if you have been affected by the KeRanger ransomware so that it can be resolved as soon as possible.