'KeRanger' ransomware: What Mac users need to know

A new type of ransomware, called ‘KeRanger,’ emerged Friday as the first fully functioning version of the malware that attacks Apple’s Mac computers.

Over the weekend Apple customers were targeted by hackers using a harmful type of software known as ransomware. Ransomware encrypts data on infected machines and then usually asks users to pay a ransom in order to retrieve their stolen data. The 'KeRanger' malware, which appeared on Friday, is the first functioning ransomware to attack Mac computers. Apple took steps over the weekend aimed at preventing future attacks. Cybersecurity experts estimate that hundreds of millions of dollars in ransom are requested every year by cyber criminals.

March 7, 2016

Hackers targeted Apple customers using ransomware for the first time over the weekend in a cyberattack that highlights the malware’s growing threat to companies and individuals alike, researchers with Palo Alto Networks, Inc. said Sunday.

This particular attack only affects users of the BitTorrent client Transmission. However, the introduction of the malicious code to Mac computers is troubling, because Apple products have long been considered shielded from such attacks.

Ransomware, which seizes a target’s files and data until they pay up, is one of the most rapidly-evolving types of cyberthreats – and security experts estimate that ransoms amount to hundreds of millions of dollars a year, mostly from cybercriminals targeting Microsoft Corp.’s Windows operating system. On Friday, the “KeRanger” malware emerged as the first functioning ransomware that attacks Apple’s Mac computers.

Why China hacks the world

“This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom,” Palo Alto Threat Intelligence director Ryan Olson told Reuters.

Between 2013 and 2015, McAfee Labs researchers saw the total samples of ransomware surge from fewer than 1.5 million to more than 4 million. About 1.2 million were new variants of the malware in 2015, compared to only 400,000 in 2013, the researchers reported.

Hackers target a range of victims, from professional website designers to police departments. In February, hackers used ransomware to hold hostage patient electronic records at the Hollywood Presbyterian Medical Center, which ended up paying $17,000 in bitcoin to retrieve the data.

“Most types of malware are stealthy and you have no idea you are infected. Ransomware is right in your face,” said Keith Jarvis, a senior security researcher with the Counter Threat Unit research team at Dell Secureworks, to The Christian Science Monitor in 2015. "Some users don't have a choice. They need their files back."

The latest attack involved hackers using a tainted copy of a popular program called Transmission, used to transfer data through the peer-to-peer file sharing network BitTorrent, according to a blog posted by Palo Alto on Sunday. When Mac users downloaded the version 2.90 of Transmission, released Friday, the KeRanger invaded their computers and demanded a ransom of 1 bitcoin, or about $400, the blog said.

Why many in Ukraine oppose a ‘land for peace’ formula to end the war

To prevent further infections, Apple has revoked a digital certificate that enabled the malware to install on Macs, according to a company representative, who declined to give further details.

But while the attack may seem to suggest that Mac is becoming less secure, some say it is more a reflection of the evolving nature of security threats. “[T]he nature of software security threats is constantly changing – those things which kept us safe last year don’t necessarily keep us safe now,” writes technology reporter Jonny Evans for ComputerWorld.

Users can also take preemptive steps to protect themselves. In an essay for the Monitor’s Passcode, cybersecurity specialists Paul Ferrillo and Austin Berglas urge companies to train employees to be aware of links in emails, even when the messages appear to have come from their employer, bank, or colleagues. Companies should also develop a backup policy that help identify and address a problem before it becomes a crisis, Mr. Ferrillo and Mr. Berglas write.

Individuals, too, can avoid having to pay ransoms by regularly updating software, backing up their files to an external hard drive, enabling popup blockers, and employing reputable firewalls and antivirus software.

“Unfortunately,” Ferrillo and Berglas write, “ransomware is here to stay despite efforts by security companies to identify and locate encryption keys. It is a relatively cheap, effective way to steal money from companies and individuals.

“But with some preparation and vigilance on the part of consumers and businesses,” they add, “we can ward off these digital Grinches using ransomware to swipe our loot.”

This report contains material from Reuters.