
First OS X Ransomware “KeRanger” Hits the Interwebs



Apple have a strong reputation for making their gear hard to infect with anything malicious, but it seems that the very first “ransomware” malware to ever affect OS X has arrived, and like most malware, it’s not pretty.


For those not familiar with the term, “ransomware” is essentially a piece of malware that installs on your system and then encrypts your private data, effectively holding it to ransom until you pay whatever fee is being demanded by the malware’s author to release your info back to you. It’s a pretty nasty tactic even for us one-person types, but for corporations it can be very serious, with an LA hospital recently hitting headlines after having to pay US$17k to regain control of their computer systems in a ransomware attack.


The malware that is popping OS X’s ransomware bubble is called “KeRanger” and has been spread via the Transmission BitTorrent client released last week. Infected versions of the app will install KeRanger onto your hard drive, and it will sit tight for a few days with you thinking everything is fine and dandy, and then – boom: data encrypted, ransom demanded and no data for you.


Fortunately, both Transmission and Apple have acted very quickly to block the spread of the malware, with Apple preventing new downloads through its Gatekeeper security system and Transmission rolling out an update and emergency message (pictured).


Less fortunately, this doesn’t help users who are already affected by the malware. 9to5Mac had this to say:


“Users worried about being impacted by the ransomware should look for the ‘kernel_service’ process in Activity Monitor. This process is named like a kernel system program as a disguise, but it is actually the KeRanger malware. If you are impacted, the recommendation is to restore to an earlier backup of your system before you installed Transmission. This is the best way to ensure the virus has been completely removed from the system.”
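The same check can be run from Terminal instead of Activity Monitor. The script below is an added example, not code from 9to5Mac, Transmission or Apple: it reads `ps` output and reports any process whose executable is named exactly `kernel_service`. The function name, the sample listing and every path in it are constructed for illustration.

```shell
# Added example: flag processes whose executable is named exactly
# "kernel_service", the process name given in the 9to5Mac advice above.
# Input: "PID COMMAND" lines as printed by `ps -ax -o pid= -o comm=`.
# Output: one "PID COMMAND" line per match, nothing if there is none.
find_kernel_service() {
  while read -r ks_pid ks_cmd || [ -n "$ks_pid" ]; do
    # Skip blank or malformed lines that carry no command column.
    [ -n "$ks_cmd" ] || continue
    # Compare only the last path component, and compare it exactly, so
    # the genuine macOS "kernel_task" and longer look-alike names are
    # not reported. Paths containing spaces stay intact in ks_cmd.
    if [ "${ks_cmd##*/}" = "kernel_service" ]; then
      printf '%s %s\n' "$ks_pid" "$ks_cmd"
    fi
    ks_pid=""
  done
  return 0
}

# Constructed sample listing (not captured from a real system); the
# kernel_service path is a placeholder, not a known install location.
SAMPLE_PS='    0 kernel_task
    1 /sbin/launchd
  312 /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
  977 /Applications/Transmission.app/Contents/MacOS/Transmission
 1042 /constructed/dir with space/kernel_service
 1100 /constructed/bin/kernel_service_helper'

# Run against the sample so the script works offline.
printf '%s\n' "$SAMPLE_PS" | find_kernel_service

# On a live Mac, feed it the real process list instead:
#   ps -ax -o pid= -o comm= | find_kernel_service
```

Any line printed for the live process list is a reason to follow the restore-from-backup advice quoted above.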


For more technical detail on this wee beastie you can check out the Palo Alto Networks rundown here:
