The first Macintosh ransomware attack took place this weekend. It was revealed by Palo Alto Networks researchers on this Sunday.
Ryan Olson, Palo Alto Threat Intelligence Director, said that the first functioning ransomware, “KeRanger” attacking Apple Inc’s Mac computers, appeared on Friday.
Ransomware is a type of malicious software designed to block access to an infected computer system and its data until a sum of money (ransom) is paid. Ransomware is one of the fastest growing cyber threats currently. Initially, only Windows operating system was targeted but now the threat is extended to Mac.
Palo Alto mentioned in a blog on Sunday that Mac computers were infected through a tainted copy of version 2.90 of ‘Transmission’, which was released on Friday. Transmission program is intended to transfer data through BitTorrent peer to peer file sharing network.
It has to be noted that KeRanger stays quiet for three days from the initial infection and then starts encrypting target computer’s files. KeRanger might demand a ransom of about $400(1 bitcoin). Olson rightly said that the infected systems will start losing access to its data from Monday (3 days after initial infection) if it is not cleaned up.
Apple and Transmission Project have taken timely measures on the issue. Apple has revoked the digital certificate which enabled ransomware to install on Macs and updated XProtect antivirus signature.
Whereas, Transmission removed the malicious software installs from its website and also released an updated version of its software which claims to remove the ransomware automatically from the infected Macs.
The Transmission website is now urging its users to install its new updated version 2.92 if they suspect a malicious attack.