Ransomware is a major problem in both the personal and private sectors of computing, but up until very recently, Apple users had little to fear from potential ransomware hacks. Security researchers at Palo Alto Networks have discovered what’s known to be the first completed ransomware on an Apple device. The threat, called KeRanger, is officially “in the wild,” and is a danger to any Mac user.
KeRanger is the first-ever completed ransomware that specifically targets the OS X operating system. In 2014, Kaspersky Labs found an incomplete form of ransomware for Mac, but it wasn’t a viable threat at the time. Now, however, KeRanger is free to usher in a host of more dangerous threats that could target Apple’s coveted operating systems.
This ransomware is spread through a torrenting software called Transmission. Torrenting is a type of software designed to share large files. It’s most widely used to distribute pirated content, like copyrighted films, tv shows, music, and more.
The KeRanger threat as explained by CNet:
If a user installed one of the infected versions of Transmission, an executable file embedded within the software would run on the system. At first, there'd be no sign of a problem. But after three days, KeRanger would connect with servers over the anonymous Tor network and begin encrypting certain files on the Mac's system.
Researchers claim that KeRanger is still under development, but it’s also trying to find a way to encrypt the victim’s backup data. If this happens, users will have virtually no chance of getting their data back without paying the dreaded ransom. Consider how important of a precedent this sets for ransomware; if a ransomware is capable of encrypting not just the files on your local PC, but also the files on your network and your backup files, it could become the most dangerous threat on the Internet.
To counteract this threat, Apple has revoked the security certificate that KeRanger exploits, and has updated its XProtect antivirus software. Transmission has also removed the infected version of its installer, so those who download the client won’t get the ransomware. However, those who have installed Transmission sometime between March 4th and 5th may be affected by KeRanger. If you want detailed instructions on how to identify if you’ve been targeted by KeRanger, and to learn how to best protect yourself from it, you can visit Palo Alto Networks’ site.
Most ransomware makes it borderline impossible to decrypt your files on your own. This is how hackers extort money from users. They play off of the irrational actions caused by fear. This is why it’s so important to protect your business’s assets from ransomware, before you fall prey to it. Implementing a solid security solution is a great way to do so, and you should generally avoid torrenting files in the office anyway. Also, it’s especially important that your employees understand security best practices when browsing the Internet.
The most obvious and important course of action to remember is that your business needs to protect its assets from ransomware, before you get infected. To make sure that your network is protected from ransomware, give Evolve IT a call at (518) 203-2110.