Apple users have fallen prey to ransomware for the first time ever. The ‘KeRanger’ malware appeared hidden in the popular BitTorrent application, Transmission. Users’ Macs were infected upon downloading the latest copy.
Ransomware is malicious code, like any other type of malware. It usually works by hiding inside a program one may hastily download, irrespective of the risks. A message then appears, telling the user all or part of their files have been encrypted, and the only way to decrypt them is by paying a ransom – usually in digital currency, which is difficult to trace.
An attack of this sort struck computers in a US hospital in Hollywood recently, forcing it to pay a $17,000 ransom to regain control of its systems. The hackers had originally demanded $3.7 million.
On Friday, a similar fate befell Apple users as they downloaded Transmission 2.90, researchers at the company’s Palo Alto headquarters said on Sunday in their blog.
The company’s Threat Intelligence Director Ryan Olson confirmed to Reuters over the phone that the ‘KeRanger’ malware was “the first one in the wild that is definitely functional, encrypts your files and seeks a ransom.”
“Attackers infected two installers of Transmission version 2.90 with KeRanger on the morning of March 4. When we identified the issue, the infected DMG files were still available for downloading from the Transmission site,” Apple continued on its Palo Alto blog.
“The KeRanger application was signed with a valid Mac app development certificate; therefore, it was able to bypass Apple’s Gatekeeper protection,” they explained.
“If a user installs the infected apps, an embedded executable file is run on the system. KeRanger then waits for three days before connecting with command and control (C2) servers over the Tor anonymizer network. The malware then begins encrypting certain types of document and data files on the system.”
After this is complete, the malware demands $400 from every infected user, equivalent to one bitcoin.
An Apple representative told the agency the company has been implementing various contingency measures over the weekend.
The company says anyone who hasn’t paid up could start losing data on Monday.
https://www.rt.com/news/334760-ransomware-hack-attack-apple/
LIE
this ain’t the first time, and I know this for FACT
it happened to me about 6 months ago, so this ain’t the first time
was on a mobile device of Apple’s too, now mine was on a much smaller scale than this, but it proved out that this might have been a test run ..
all I had to do to eliminate it was to empty out my cache and clear history and website data, I’m sure the next time around they learned more
and next will be the government putting shit into our phones through manipulation of the companies developing and selling these devices .. we are not protected folks
I could be wrong, but I think they’re only talking about Macintosh computers rather than mobile devices, but you’re right about them being attacked too.
The only reason they’re not attacked frequently is because they only comprise a small percentage of the computers out there, and if you’re writing attack code (or “malicious software”), you’re going to make it work on the largest number of computers, just like any other software developer.
Ahh, I see what you’re saying JR.. I misread the story a bit, but as far as Apple or any one of them protecting its customers .. that horse left the barn a long time ago