For years, the Apple Mac has billed itself as the last bastion of the security world – an unbreachable fortress of tech-ery. If that’s not tempting fate I don’t know what is. Over the last week a piece of ransomware called KeRanger has swung its way into the Mac’s defenses, resulting in the first known breach of a Mac. It’s causing a bit of gyp, but there may be a small window to avoid the hassle, so if you’re a Mac user make sure you know the score.
KeRanger, ransomware that’s basically the Mac flavour of the well-known Cryptolocker, has been discovered in Apple Mac laptops and desktops. Devices have been infected after downloading a compromised version of Transmission from BitTorrent, which is usually used for downloading pirate software.
It works by lurking on your device for three days, then bam, it encrypts all your business and demands dolla to unlock it – around $400 of your finest bitcoins.
The problem version is Transmission for OS X 2.90, and if you downloaded this version from the official website between March 4th and 5th you could well be at risk. But if you upgrade to the latest, ransomware-free version – version 2.92 – by Monday, 11am PT (7pm GMT) you might be able to avoid having your files encrypted.
If you’re unsure, and you downloaded that version of Transmission at any time, the Transmission authors are saying, “Everyone running [version] 2.90 on OS X should immediately upgrade to and run 2.92, as they may have downloaded a malware-infected file.”
Apparently, if you’re tech-savvy enough and want to do a DIY job, the malicious code has a process name ofkernel_service, which can be killed, and stores its executable in ~/Library/kernel_service. Delete this.
Until now, it’s been thought that Macs make up such a small percentage of computers connected to the internet – just under 10% – that attackers didn’t reckon it was worth their time to target them; Macs are also fairly picky about what you can and can’t put on them, so have been a bit more resilient to malware. But, as Apple becomes increasingly popular for enterprise, signs point to these figures rising over the year.
It’s a lesson in complacency that anyone can benefit from – always remember to scan your systems for security breaches and practice good security, especially when downloading. KeRanger is also likely to evolve and find other sneaky ways to get about, so make sure you’re regularly backing up!
For more information on the security solutions available at UKFast take a look at our security page.