MAC users hit with first 'Ransomware'

KingstonsMom · ‎03-09-2010

Apple customers were targeted by hackers over the weekend in the first campaign against Mac computers.

Called KeRanger, hackers infected the computers with this malicious software through a tainted copy of a popular program known as Transmission.

Security researchers said on their blog that KeRanger is programmed to stay quiet for three days after infecting a computer.

It then connects to the attacker's server, starts encrypting files so they can't be accessed and demands a ransom of 1 bitcoin, or about $400, to unlock the computer.

Hackers infect Macs through a tainted copy of a program known as Transmission (pictured). Security experts said on their blog that KeRanger is programmed to stay quiet for three days after infecting a computer. It then connects to the attacker's server, starts encrypting files so they can't be accessed

Transmission is used to transfer data through the BitTorrent peer-to-peer file sharing network, Palo Alto said on a blog.

Ransomware, one of the fastest-growing types of cyber threats, encrypts data on infected machines, then typically asks users to pay ransoms in hard-to-trace digital currencies to get an electronic key so they can retrieve their data.

For more info, Google Mac Ransomware.

You never know how strong you are until being strong is the only choice you have.

KingstonsMom · ‎03-09-2010

I'm not a MAC user, but I know many of you are and thought this info may be useful.

I apologize for the huge print, it was a copy & paste and I tried to change it here, but I couldn't!

You never know how strong you are until being strong is the only choice you have.

JennaTheScorpio · ‎02-10-2014

please do not click this link. I clicked it and I got a virus warning on my work computer...yikes!

KingstonsMom · ‎03-09-2010

@Ruby Woo wrote:
please do not click this link. I clicked it and I got a virus warning on my work computer...yikes!

It must be your security settings or something, I don't get that warning and just did a scan, with nothing detected.

I'll remove it though and if anyone wants more info on this, they can Google it.

You never know how strong you are until being strong is the only choice you have.

Another new name Sue · ‎03-11-2010

This happened to my friend (not on a Mac, though). "They" wanted $600 to unlock her computer, but fortunately she was able to get her documents, etc. elsewhere and did not pay.

Recently a business paid $14,000 to get their files unlocked. It was in California, think it was a medical facility or some such.

It's sad. Bad people.

KingstonsMom · ‎03-09-2010

Security experts estimate that ransoms total hundreds of millions of dollars a year from such cyber criminals, who typically target users of Microsoft Corp's Windows operating system.

HOW DOES THE HACK TAKE PLACE?

Hackers infected Macs through a tainted copy of a popular program known as Transmission, which is used to transfer data through the BitTorrent peer-to-peer file sharing network, Palo Alto said on a blog posted on Sunday afternoon.

When users downloaded version 2.90 of Transmission, which was released on Friday, their Macs were infected with the ransomware.

Transmission responded by removing the malicious version of its software from its website, www.transmissionbt.com. On Sunday it released a version that its website said automatically removes the ransomware from infected Macs.

The website advised Transmission users to immediately install the new update, version 2.92, if they suspected they might be infected.

Palo Alto Threat Intelligence Director Ryan Olson said the 'KeRanger' malware, which appeared on Friday, was the first functioning ransomware attacking Apple's Mac computers.

'This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom,' Olson said in a telephone interview with Reuters.

When users downloaded version 2.90 of Transmission, which was released on Friday, their Macs were infected with the ransomware.

An Apple representative said the company had taken steps over the weekend to prevent further infections by revoking a digital certificate that enabled the rogue software to install on Macs.

The representative declined to provide other details.

Transmission responded by removing the malicious version of its software from its website, www.transmissionbt.com.

On Sunday it released a version that its website said automatically removes the ransomware from infected Macs.

The website advised Transmission users to immediately install the new update, version 2.92, if they suspected they might be infected.

You never know how strong you are until being strong is the only choice you have.