This week a new ransomware has been detected, affecting some Mac users. Ransomware has been a popular criminal business model targeting Windows users for while now, but this new ransomware, called KeRanger, is the first to specifically target Mac OS X machines.
Ransomware is a kind of a malware which imposes a lockout, preventing you from being able to use your computer until you pay a ransom or risk having your data completely wiped after the lockout period.
The KeRanger malware waits dormant in affected machines for 3 days before requesting the ransom. KeRanger then gives victims a 72-hour lockout window before total data destruction, unless a ransom of 1 bitcoin is paid (approximately 552.41 AUD at the time of writing).
Am I at risk?
The KeRanger malware was first discovered in rogue versions of Transmission, a popular BitTorrent client. Shortly after the discovery, Transmission requested all users running the version immediately upgrade or delete their copy, in case they have downloaded a malware-infected file.
The attack is another demonstration of the risks involved with peer to peer file sharing, such as bit torrent. Whilst this particular attack has been limited to the Transmission bit torrent client, it is now not so hard to expect that future attacks may be spread through other file and email methods.
For Mac users, now is the time to be more vigilant about opening email attachments and website downloads.
What can I do about it?
For our clients with a Mac Aid Monitoring service, a report will be received if you have been affected by the KeRanger ransomware so that it can be resolved as soon as possible.