Apple Inc customers were targeted by hackers over the weekend. It seems to be the first wave of ransomware targetting Apple products.
Ransomware is one of the fastest-growing cyber threats. It basically encrypts data on infected machines and then they typically ask for payment in order for users to get their data back using hard-to-trace digital currencies before they are given an electronic key to decrypt their data.
Computers with Microsoft Windows operating systems used to be the primary target before, but now it seems that they are expanding their reach.
Watch video here:
Palo Alto Threat Intelligence Director Ryan Olson said the “KeRanger” malware, which appeared on Friday, was the first functioning ransomware attacking Apple’s Mac computers.
“This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom,” Olson said in a telephone interview.
Hackers infected Macs through a tainted copy of a popular program known as Transmission, which is used to transfer data through the BitTorrent peer-to-peer file sharing network, Palo Alto said on a blog posted on Sunday afternoon.
When users downloaded version 2.90 of Transmission, which was released on Friday, their Macs were infected with the ransomware, the blog said.
An Apple representative said the company had taken steps over the weekend to prevent further infections by revoking a digital certificate that enabled the rogue software to install on Macs. The representative declined to provide other details.
Transmission responded by removing the malicious version of its software from its website (www.transmissionbt.com). On Sunday it released a version that its website said automatically removes the ransomware from infected Macs.
The website advised Transmission users to immediately install the new update, version 2.92, if they suspected they might be infected.
Palo Alto said on its blog that KeRanger is programmed to stay quiet for three days after infecting a computer, then connect to the attacker’s server and start encrypting files so they cannot be accessed.
After encryption is completed, KeRanger demands a ransom of 1 bitcoin, or about $400, the blog said. (bit.ly/1Rvroxv)
Olson, the Palo Alto threat intelligence director, said that the victims whose machines were compromised but not cleaned up could start losing access to data on Monday, which is three days after the virus was loaded onto Transmission’s site.
Representatives with Transmission could not be reached for comment.
Was this helpful?
As we value quality over quantity, we have focused our unified I.T. services to Small and Medium businesses only to Arizona specifically in Phoenix, Scottsdale, Glendale Metro areas.
Our technicians are available the very instant you call us; thereby, ensuring no interruption of your usual business operations. In case you can’t access our contact page, our phone support is always available to cater to your calls. Just give us a ring at 480-464-0202.