While ransomware attacks are a known risk on PCs running Microsoft's Windows platform, they are not a typical occurrence on Apple's OS X operating system.
However, security company Palo Alto Networks Inc. has discovered what it calls “the first fully functional ransomware seen on the OS X platform”.
A ransomware campaign involves software that encrypts and closes files on a system, using strong algorithms to lock down infected files. Users are then charged to have the files (which are typically critical to everyday operations) unlocked, but not even paying the “ransom” resolves the problem in most cases.
In this instance, Palo Alto Networks Research Center found that Mac OS X users running the Transmission BitTorrent Client have been affected by the malware.
The company says the ransomware is known as “KeRanger,” and marks the first time Apple's system has been systematically hit with ransomware. KeRanger burrows into the system and stays hidden during the first days, before finally emerging to start encrypting files and basically shutting down areas of the system.
The malware also infects backup data, so users are unable to revert to a previous state. Once infected, users are held to ransom for one Bitcoin (around US$400), which is to be sent to a given address, before the ransomware gives back the files.
Transmission 2.90 seems to be causing the problem, with the BitTorrent Client compromised from source, so those using that build version should update to version 2.92 immediately.
While hundreds of thousands of Windows PCs have been infected by several ransom attacks, early signs suggest only 6,500 machines running OS X have been infected. We reached out to Apple for clarification, but have yet to receive a response.
SOURCE: Palo Alto Networks