Apple customers have become victims of the first ransomware campaign hackers have launched against Mac computers. The attack, which took place over the weekend, used a pernicious type of ransomware, researchers with Palo Alto Networks told Reuters on Sunday.
Takes three days to take effect
Ransomware is among the fastest-growing types of cyber-threats. It works by encrypting data on infected machines and then pressing users to pay a ransom in hard-to-trace digital currencies in exchange for an electronic key to retrieve their data.
Hackers used a tainted copy of a popular program known as Transmission to infect Macs, Palo Alto said in a blog post on Sunday. The post stated that users who downloaded version 2.90 of Transmission, which was released on Friday, had their Macs infected with the ransomware.
Palo Alto stated that KeRanger is programmed to infect a computer and then remain quiet for three days, after which it connects to the attacker’s server and starts encrypting files, rendering them inaccessible. The post said that once encryption is completed, KeRanger demands a ransom of 1 bitcoin, which is equivalent to approximately $400.
Apple revokes digital certificate
Cyber-criminals who use ransomware typically target users of Microsoft’s Windows operating system and make hundreds of millions of dollars every year from ransom, security experts noted. Palo Alto Threat Intelligence Director Ryan Olson said that the KeRanger malware appeared on Friday and is the first functioning ransomware to attack Apple’s Mac computers.
To prevent further infections, Apple took steps over the weekend, such as revoking a digital certificate that enabled the rogue software to install itself on Macs, said an Apple representative. Transmission also removed the malicious version of its software from its website and released a version that automatically removes the ransomware from infected Apple Macs.
The website advises Transmission users to immediately install the new update, version 2.92, if they suspect their Mac is infected. Victims whose machines have been compromised but not yet cleaned up could start losing access to their data on Monday, three days after the virus was loaded onto Transmission’s site, said Olson.