Call us on 0333 101 7300

First fully functional Mac ransomware spotted!

Mar 10 2016

First fully functional Mac ransomware spotted!

Ransomware is becoming more and more prevalent. We reported on this trend towards the end of last year and now Apple MAC systems are in the news.

KeRanger, the first, fully-functional ransomware targeting Mac computers has been shut down by Apple who pulled the applications certificate so that it can’t be installed. The Transmission app, a BitTorrent client which was infected to include this ransomware was distributed from the official transmission web site. Once installed the malware waits for 3 days and then “detonates” and begins encrypting files.

What ever you do don’t be be tempted to pay the ransom to get back your files, it’s an extremely bad idea and you will only loose your money!

There is some concern that this malware is still under development and that the attackers may be trying to develop backdoor functionality that would encrypt users’ Time Machine backups, as well.

You can get full details about KeRanger from Malwarebytes blog.

The built-in anti-malware protection on Mac OS X is known as “Xprotect,” and this was modified by Apple to detect the threat, however, it’s only a simple protection method and doesn’t help with already infected systems.

If you have downloaded the Transmission app recently, you should delete the app and restart your computer. This should prevent re-activation of the malware.

You can also detect and remove this malware with Malwarebytes Anti-Malware for Mac. Keep in mind, though, that any files that get encrypted before removal will be lost (unless they have been backed up and the backups are still intact).

Last year we published two articles covering Malware, they are well worth a look to remind you of the dangers and how to prevent being affected.

How to spot dangerous links in emails

Cryptowall ransomware version 2 is now in the wild

Another ransomware nicknamed “locky” has recently been affecting Windows systems, It renames and scrambles files and demands you buy a decription key through the “dark web”. The prices vary from ½ to 1 BTC (Bitcoin) which is worth about £290 at the moment.

If you want some serious detail about locky – take a look here.

If you would like to know more about ransomware, please get in touch.

0 Comments
Share Post
No Comments

Sorry, the comment form is closed at this time.