Mac users get first taste of ransomware

Deborah Salmi 8 Mar 2016

Ransomware targets Mac users for the first time.

For Mac users, hell has finally frozen over. The first case of working ransomware targeting OS X was reported this past weekend. 

Macs have a reputation of being secure when it comes to malware attacks, but this new ransomware shows that they are not completely immune. Similar threats targeting PCs were adjusted to target mobile devices and the same will probably be true for Macs.  

"This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom," said Palo Alto Threat Intelligence Director Ryan Olson in a Reuters interview. The researchers dubbed the ransomware “KeRanger.”

Ransomware has successfully attacked Windows and Android users, usually when a user is tricked into clicking an infected link in an email or an infected ad on a website. The ransomware then locks all the files in the system and demands money for a key that will unlock the files. 

Avast Free Mac Security detects and block ransomware before it can get onto a device. It's a free download, so make sure you are protected.

“Any ransomware that gets onto your device, whether a Mac, PC, or smartphone, is a serious threat," said Jan Sirmer, a researcher from the Avast Virus Lab. "Most people are scared when they see their device has been locked and their data has been encrypted so they pay the ransom. We generally advise against paying the ransom, because this rewards the malware authors for their work and encourages them to continue spreading ransom, but sometimes it can’t be helped.” 

One of the most recent attacks locked up the servers of the Hollywood Presbyterian Medical Center in Los Angeles. Because their patient records are vital to hospital operation, they opted to pay $17,000 in bitcoin, the preferred digital currency of cybercrooks, to get them back. Law enforcement offices have been victims as well.

The attack on the OS X platform was delivered in a different way. Hackers infected two installers of a program known as Transmission, which is used to transfer data through the BitTorrent peer-to-peer file sharing network. The malware encrypts files and demands a ransom of one bitcoin, which is worth around $400, to decrypt the files and give control back to the users.

“This particular ransomware targets the Transmission BitTorrent client, so users should upgrade Transmission to the latest version as soon as possible,” said Sirmer. “This can even help users who recently updated to Transmission 2.90, since the ransomware takes three days before contacting the command and control server.”

Even though Apple was fast-acting and shut down the ransomware, Sirmer says Mac users must protect themselves.

“The main threats targeting Mac users are mostly adware, but this new threat shows that the trend may change.”

“At the moment, Windows users are still the main targets,” he says. “Malware authors might, however, begin seeing Macs as a more attractive target. The number of Mac users is growing and more importantly, many Mac users think their device is immune to attacks and therefore do not protect their Macs with antivirus programs, leaving them open to attacks.”

Protect yourself from ransomware

The most important thing you can do to protect yourself is to install an antivirus program like Avast Free Mac Security which can detect and block ransomware before it can get onto a device.

Avast has a decryption tool to help Mac users infected with the FindZip ransomware decrypt their files. Visit the Avast Ransomware Decryption Tools page. 

--> -->