KeRanger is the first of its kind; i.e. the first ransomware to successfully infect Apple systems.
A ransomware is a software that denies a user access to files unless a ransom is paid. It targets files that users would most likely find important: photos, videos, Excel spreadsheets and Word documents.
In this case, KeRanger malware infected the host machine, encrypted some of its contents, and asked for bitcoins ($405) in exchange of decrypting the owner’s data. It was discovered on the 4th of March by two analysts, Claud Xiao and Jin Chen, from the California-based security firm Palo Alto Networks. They that the ransomware was infecting downloads of Transmission, a legitimate BitTorrent file-sharing application.
Attackers had compromised Transmission’s website, changing its download link to include both the Transmission software and the ransomware, according to Ryan Olson, the threat intelligence director at Palo Alto Networks. The analysts found it about four hours after it was first uploaded, he said.
According to a Transmission official, “Our best guess at this point is that approximately 6,500 infected disk images were downloaded.”
Apple revoked a certificate that allowed the software to be installed on Macs, according to Reuters, and Transmission removed the download link from its website on March 5, Palo Alto Networks said.
The infected version of Transmission was replaced with a new version, 2.92, which removes the malware from the computer if it finds it.
This is definitely a wake up call for Apple manufacturers and users also
