Sorry, Mac fans. Now you’re no better off than regular old PC users. Security researchers have discovered what they believe to be the first-ever ransomware attack targeted at Apple users that actually made it out “into the wild,” meaning it’s a genuine threat. And in bad news for downloading fiends, it’s being spread through torrenting software.
The problem was detected recently, when a team of researchers at Palo Alto Networks found a popular BitTorrent client for Apple’s OS X software for Macs that was infected with the ransomware, which they have dubbed “KeRanger.” The BitTorrent software in question is Transmission, which Mac users can install on Apple’s OS X operating system and then use to access shared files in so-called torrent swarms (which, let’s not lie, is usually pirated content). It’s not the very first time Mac-targeting ransomware has been detected by security experts. In 2014, Kaspersky Labs discovered such software, though it wasn’t complete at the time.
KeRanger, by contrast, marks the arrival of truly dangerous ransomware on the OS X platform. “This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom,” Palo Alto Threat Intelligence Director Ryan Olson stated.
It’s an unwelcome arrival for Apple fans, who have long heralded the Mac as an untouchable rival to Windows PCs. While PCs periodically make headlines for being targeted with viruses, malware and any number of digital infections, Mac users have largely been able to avoid serious antivirus talk. Until now. The stakes are high with KeRanger. Ransomware is designed to infect a computer and then put the owner in a bind, locking up files or functionality and essentially bricking the device until the user pays to have the problem neutralized. This particular piece of ransomware brings with it a $400 ransom note. If a user installed one of the infected versions of Transmission, an executable file embedded within the software would run on the system. At first, there’d be no sign of a problem. But after three days, KeRanger would connect with servers over the anonymous Tor network and begin encrypting certain files on the Mac’s system.
“After completing the encryption process, KeRanger demands that victims pay one bitcoin (about $400) to a specific address to retrieve their files,” the researchers wrote in their findings. “Additionally, KeRanger appears to still be under active development and it seems the malware is also attempting to encrypt Time Machine backup files to prevent victims from recovering their back-up data.”