While all forms of malware are to be avoided, one particularly frustrating type of malicious software is known as "ransomware". As the name suggests, this type of threat lets the attackers hold the device on which the malware is installed hostage. It locks the owner out, making it impossible for them to access their files and use the device as intended. Most modern ransomware goes further and encrypts the files on the device, making them inaccessible without the decryption key that only the attackers hold.


To remove the ransomware and regain access to the files, the owner is told to pay a ransom fee (with no guarantee that the attackers will actually hand over the key). According to The Economist, citing figures from the Australian Crime Commission, between August and December 2014 some 16,000 individuals, firms and even government bodies paid a total of A$8 million (about US$7 million) in such fees. An FBI report from 2015 also warned that these threats are on the rise.

Mac computers infected for the first time.

Mac users are the latest to face this threat: owners of Apple-made computers were recently hit by the first fully functional ransomware seen targeting OS X.

Called KeRanger, the ransomware has been detailed by researchers at Palo Alto Networks, who say that once it finds its way onto a Mac it waits roughly three days before encrypting files and demanding the ransom. Many users found their machines infected after installing version 2.90 of the popular Mac BitTorrent client Transmission, whose installer had been tampered with.

Transmission released a statement, and the Palo Alto Networks write-up added steps for checking a Mac for the infection:

  • “Everyone running 2.90 on OS X should immediately upgrade to 2.91 or delete their copy of 2.90, as they may have downloaded a malware-infected file."
  • Using “Activity Monitor”, preinstalled in OS X, check whether any process named “kernel_service” is running. If so, double-check the process: choose “Open Files and Ports” and check whether there is a file name like “/Users//Library/kernel_service”. If so, the process is KeRanger’s main process. We suggest terminating it with “Quit -> Force Quit”.

Additionally, Transmission says that version 2.92 will actively remove the malware, though it is unclear whether this helps users whose files have already been encrypted.

How has Apple addressed the problem?

In addition to Transmission’s own fix, Apple has addressed how the ransomware was able to run on Macs at all. The KeRanger-infected Transmission installers were signed with a legitimate developer certificate issued by Apple, notes Palo Alto Networks. Because the Mac saw a valid developer signature, Gatekeeper, whose default setting allows apps from identified developers, let the installer through rather than being "bypassed" in the usual sense, and "if a user installs the infected apps, an embedded executable file is run on the system".

Since KeRanger was discovered, Apple has told Reuters that it has revoked "a digital certificate from a legitimate Apple developer that enabled the rogue software to install on Macs." As a result, Gatekeeper should now block this build of the malware from installing on Macs, at least by this method. Revoking the certificate does nothing for machines that were already infected, however.
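As an added example (this is not code from Transmission, Palo Alto Networks or Apple), the following POSIX shell script turns the two checks discussed above into something you can run. The first part looks for the indicators named in the removal steps: a running process called kernel_service and the file ~/Library/kernel_service. The second part, which only does anything on a Mac, prints which developer certificate signed an installed Transmission.app and whether Gatekeeper still accepts it. The function names and the path /Applications/Transmission.app are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not Transmission's or Palo Alto Networks' code.
# Part 1: KeRanger indicator scan (process name + file), POSIX tools only,
#         so it also runs on Linux for testing.
# Part 2: macOS-only code-signature / Gatekeeper report for an app bundle.

KERANGER_PROC="kernel_service"   # indicator named in the removal steps

# Read a "PID COMMAND" listing (as produced by `ps -eo pid=,comm=`) on stdin and
# print the PIDs whose command *basename* is exactly kernel_service. Matching the
# basename exactly avoids false hits on the legitimate kernel_task process and
# works whether ps prints a bare name or a full path.
keranger_pids() {
    awk -v want="$KERANGER_PROC" '
        { n = split($2, parts, "/"); if (parts[n] == want) print $1 }'
}

# Scan: process listing on stdin, Library directory to inspect as $1.
# Returns 0 when no indicator is found, 1 when the process or file is present.
keranger_scan() {
    libdir=$1
    found=0
    pids=$(keranger_pids)
    if [ -n "$pids" ]; then
        echo "kernel_service process running, PID(s):" $pids
        found=1
    fi
    if [ -e "$libdir/$KERANGER_PROC" ]; then
        echo "indicator file present: $libdir/$KERANGER_PROC"
        found=1
    fi
    return $found
}

# macOS only: show the signing chain of an app bundle (Authority= lines name the
# Developer ID) and Gatekeeper's verdict, which becomes "rejected" once Apple
# revokes the certificate that signed it. Skips silently off macOS.
signature_report() {
    app=${1:-/Applications/Transmission.app}   # assumed install path
    if ! command -v codesign >/dev/null 2>&1 || ! command -v spctl >/dev/null 2>&1; then
        echo "codesign/spctl not available (not macOS); skipping signature check"
        return 0
    fi
    [ -d "$app" ] || { echo "$app not found"; return 0; }
    codesign -dvv "$app" 2>&1 | grep -E '^(Identifier|TeamIdentifier|Authority)='
    spctl --assess --type execute --verbose "$app"
}

# Run both checks against the live system.
if ps -eo pid=,comm= | keranger_scan "$HOME/Library"; then
    echo "no KeRanger indicators found"
else
    echo "KeRanger indicators found: force-quit the process and remove the file"
fi
signature_report /Applications/Transmission.app
```

The process and file names are the indicators published for this particular sample; a variant that renames its files would not be caught, so treat a clean result as "this build is absent", not as a general bill of health. Likewise, a revoked certificate stops new installs but does not restore files that the three-day timer has already encrypted.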

How can you protect yourself and your company?

Although Apple moved quickly to address KeRanger, this is not the first time attackers have tried to compromise computers, Mac or PC, and it certainly won’t be the last. That is why preventative measures matter: make it much harder for ransomware and other malware to get through, rather than crossing your fingers and hoping for the best. Against ransomware in particular, an up-to-date backup kept offline or versioned is the measure that pays off, because data you can restore cannot be held hostage.

Security tests can help here: trusted IT security professionals run a range of tests that identify your weak spots, so you can strengthen them before attackers have a chance to exploit them.


Written by Igor Mancini

Marketing Director at Advantio. The articles published in the Advantio Blog have the goal of supporting our mission: making IT Security simple for everyone.

My intention is to discuss IT Security related topics through the eyes of a non-technical person, using simple language and trying to show readers the benefit of IT Security best practices.