For years Mac owners have been able to take comfort from the fact that, on balance, their device is less vulnerable to security scams than PCs using other operating systems. That included protection from ransomware – until now. Security analysts at Palo Alto Networks recently discovered fully-functional ransomware that’s specifically designed to attack Apple devices. Mac users need to be aware that a ransomware attack is no longer a remote possibility.
What is KeRanger?
KeRanger is the ransomware that’s causing concern. It’s thought to be the first live ransomware designed for the Mac. Kaspersky Labs first came across it in 2014, but back then it wasn’t fully operational and wasn’t considered a danger at that time. Now KeRanger is considered more dangerous, and perhaps at the vanguard of more threatening malware designed to attack Apple products.
How does this new ransomware work?
It’s spread via torrenting software, which is designed for file sharing and is often used for distributing pirated music, video and similar, though it also has a range of legitimate uses. The specific software that the malware uses is a legitimate BitTorrent client called ‘Transmission’.
CNet has explained the threat KeRanger poses. It’s an evolving ransomware threat that aims to encrypt the backup data on a user’s device. Typically, the only way to resolve a ransomware attack is to restore your system data from a backup copy. KeRanger prevents this, so that the user has no choice except to pay the ransom in order to recover the data.
Apple has taken various steps in response. It has updated its XProtect antivirus software and withdrawn the security certificate that KeRanger needs to function. Transmission has also taken steps, removing infected versions of their torrenting software so the ransomware can’t be downloaded and spread. But anyone who downloaded the Transmission installer in early 2016 may be at risk. You can go to Palo Alto Network’s website to find out whether your Mac computer has been infected, and what to do to rectify the problem.
The reason ransomware works for cybercriminals is that it’s incredibly difficult for most users to decrypt the hijacked files themselves. Because the consequences of losing all your data are so massive, the scammers exploit that fear. Beating cybercriminals demands preventive measures. Making sure you have strong security in place is the way to go. In the workplace torrenting files should probably be avoided anyway and business owners should make this clear to their staff.
Mac users can’t afford to be complacent
Everyone is vulnerable to cybercriminals and ransomware can be particularly destructive. Making sure your system is protected so you don’t end up paying out to recover from a ransomware attack is something that has to be done. To make sure
your IT systems are safe from ransomware and other malware, give the security professionals at Quikteks a call at (973) 882-4644.