Are Apple computers virus free? “KeRanger” ransomware managed to breach the security.
If you are a Mac user complacent in the knowledge that your system is malware-proof, it’s time to pull up your socks. Macs are getting infected with ransomware. ‘KeRanger’ ransomware is the first fully functional virus to have infected Macs. The phenomenon came to the forefront as recently as March 4. So without further ado, let’s get to the story.
This is what happened…
Palo Alto, a security solutions provider for enterprises, first reported that Macs were getting infected with ‘KeRanger’ ransomware through Transmission.
For the uninitiated, Transmission is a popular open-source platform that allows peer-to-peer file sharing. Macs that were infected with KeRanger had Transmission version 2.90 installed on them.
KeRanger Ransomware host: Transmission Version 2.90 (Image source: Palo Alto)
The good news is, both Apple and Transmission have taken preventive measures after the tip-off from Palo Alto.
Apple has revoked the digital certificate that allowed the malicious program to install on Macs. Transmission has removed version 2.90 and put up the updated version 2.92 on its website. The latter also maintains that version 2.92 can remove the ransomware from infected Macs automatically.
Apple revoked the digital certificate that allowed Version 2.90 to run on Macs
Transmission Version 2.92 alert
(Image sources: MacWorld)
But what does ransomware do?
KeRanger is a particularly vicious ransomware. It locks data on the Mac and asks for a bitcoin ($400) as ‘ransom’ to unlock it.
The rogue software encrypts data files on the system by connecting with the command and control (C2) server. Once the files become inaccessible to the user(s), the malware operator quotes his price (in this case $400) to decrypt/retrieve them.
Now most users would rather pay the money than run the risk of losing precious data such as tax statements, family photos, and the like.
KeRanger asks for ‘bitcoins’ to decrypt the locked data
(Image Source: Palo Alto Networks)
But be warned! Paying up doesn’t necessarily mean that data will be unlocked. In the past, hackers have been known to take the money without providing decryption codes. They are not high on scruples, you see.
The mellow version of ransomware, which infects Windows systems quite often, simply locks the screen and asks for – you guessed it right – a ransom.
Now, if you have a fair amount of technical know-how, a bit of digging around can fix the nuisance. In case you don’t, the most common tactic a hacker will adopt is a pop-up announcing ‘illegal content’ on your system.
Don’t lose your head. Even if you do have ‘illegal content’, paying a fine is hardly going to fix the matter. Consult someone in the know before coughing up any money.
Ransomware claiming ‘illegal content’ on system
(Image Source: Malwarebytes)
KeRanger and other forms of ransomware are frustrating. Hackers are intent on creating more and more menacing prototypes. However, a few simple pre-emptive measures can keep the threat of ransomware and other malware at a minimum.
Know more about Mac and Windows safety measures in our next post.