New ransomware targets Apple Mac computers for 1st time
KeRanger malware infected popular Transmission software during a cyberattack on software's developer
The first knownransomwareattack onApple Inc's Mac computers, which was discovered overthe weekend, was downloaded more than 6,000 times before thethreat was contained, according to a developer whose product was
tainted with the malicious software.
Hackers infected Macs with the "KeRanger"ransomwarethrougha tainted copy of Transmission, a popular program for
transferring data through theBitTorrentpeer-to-peer filesharing network.
So-calledransomwareis a type of malicious software thatrestricts access to a computer system in some way and demandsthe user pay a ransom to themalwareoperators to remove therestriction.
- Ransomware: What you need to know
- Hollywood hospital hit withransomwareonly the latest in trend ofmonetizingcyberattacks
KeRanger, which locks data on Macs so users cannot accessit, was downloaded about 6,500 times before Apple and developerswere able to thwart the threat, said John Clay, a representativefor the open-source Transmission project.
That is small compared to the number ofransomwareattackson computers running MicrosoftCorp'sWindows operatingsystem. Cyber security firmSymantecCorpobserved some8.8 million attacks in 2014 alone.
More Mac attacks expected
Still, cyber security experts said they expect to see moreattacks on Macs as the KeRanger hackers and other groups lookfor new ways to infect Mac computers."It's a small number but these things always start small andramp up huge," said Fidelis Cybersecurity threat systems managerJohn Bambenek. "There's a lot of Mac users out there and a lotof money to be made."
Symantec, which sells anti-virus software for Macs, warnedon its blog that "Mac users should not be complacent." The postoffered tips on protecting against ransomware.
The Transmission project provided few details about how theattack was launched.
"The normal disk image (was) replaced by the compromisedone" after the project's main server was hacked, said Clay.
He added that "security on the server has since been "increased" and that the group was in "frequent contact" with
Apple as well as Palo Alto Networks, which discovered theransomware on Friday and immediately notified Apple and
Transmission.
An Apple representative said the company quickly took stepsover the weekend to prevent further infections by revoking adigital certificate that enabled the rogue software to installon Macs.
Transmission responded by removing the malicious 2.90version of its software from its website
(www.transmissionbt.com). On Sunday, it released version 2.92,which its website says automatically removes the ransomware frominfected Macs.
Forbes earlier reported on the number of KeRanger downloads,citing Clay.