Security researchers have found malware to encrypt Apple Mac computers and demand ransom to unlock them.

Security researchers have found malware to encrypt Apple Mac computers and demand ransom to unlock them
Mac computers tend to be regarded as relatively safe from attack, but the migration of so-called ransomware targeting the Microsoft Windows operating system to Apple’s Mac OS X is yet another indicator that things are changing.

Mac users need to be more vigilant and aware of the risks, while cyber security professionals need to equip themselves to identify and quickly respond to this new malware threat, especially in having a pragmatic approach in place for managing extortion-style threats, say security industry pundits.

“As Apple computers and devices become more popular with corporate IT departments, there’s a recognition by attackers that valuable data and resources are available by targeting Mac users,” said Vann Abernethy, chief technology officer at security firm NSFOCUS IB.

“These types of attacks will become increasingly common as the platform gains acceptance within the enterprise world, just as Microsoft Windows is targeted for similar reasons,” he said.

Ransomware is currently one of the most popular ways for cyber criminals to extort money from individuals and organisations in the form of the unregulated bitcoin cryptocurrency.

According to the UK National Crime Agency, ransomware is one of the top international cyber threats, along with distributed denial of service (DDoS) attacks and bullet-proof hosting services.

The newly discovered KeRanger ransomware targeting Mac was discovered hidden in a version of the Transmission BitTorrent client by researchers from security firm Palo Alto Networks.

Businesses are still getting caught by ransomware, despite the fact that there are fairly straightforward methods to avoid it.

Like its Windows counterparts, KeRanger encrypts files on infected computers with a strong encryption algorithm and contains a payment process enabling the victim to purchase decryption for 1 bitcoin- currently worth around £290.

A special feature of KeRanger is a three day delay after infection, which researchers believe was aimed at getting as many users to download the infected version of the Transmission client before its hidden payload was revealed.

By hiding the ransomware in the Transmission client for downloading and sharing BitTorrent files, attackers were attempting to bypass Mac OS security because the Transmission software is signed with a valid developer certificate, causing the Mac operating system to consider it safe and allow installation.

The discovery of Keranger is a sign that Mac users need to be educated on basic information security practices, just like Windows users have been over the past 10 to15 years.

Leave a Reply