Ransomware, one of the fastest-growing types of cyber threats, encrypts data on infected machines, then typically asks users to pay ransoms in hard-to-trace digital currencies to get an electronic key so they can retrieve their data.
Security experts estimate that such cyber criminals, who typically target users of Microsoft’s Windows operating system, collect ransoms totaling hundreds of millions of dollars a year.
KeRanger is the name given to what is believed to be the “first fully functional” ransomware on the OS X platform. When incorporated into an app, the malware connects to a remote server via the Tor anonymizing service, then “begins encrypting certain types of document and data files on the system.”
The malware then “demands that victims pay one bitcoin (about $400) to a specific address to retrieve their files.” Researchers say the malicious code is “under active development” and appears to be trying to encrypt users’ Time Machine backups as well, to prevent them from recovering their backed-up data.
The Transmission BitTorrent client installer for OS X was infected with the ransomware; users who directly installed Transmission between March 4th and March 5th may be infected with the KeRanger malware. Apple has already revoked the certificate. Anyone attempting to open a known-infected version of the Transmission app will now be given a warning dialog box that notes “Transmission.app will damage your computer. You should move it to the Trash,” or “Transmission can’t be opened. You should eject the disk image.”