Cyber-criminals target Macs with ransomware

This week, there’s more proof that users of Mac OS need to be as vigilant as Windows users when it comes to locking down their computers.

This week, security researchers have picked up on one more reason to make sure every operating system has some form of internet security on it, with Mac OS X getting infected with ransomware.

If you’re unfamiliar with the term, “ransomware” is a nasty little piece of malicious software that, when opened, looks for files you might commonly be using and locks them down, encrypting them in such a way that you’ll need to pay a ransom in order to get the key to unlock them.

Paying that ransom doesn’t always work, though, and so ransomware can be highly destructive. Security researchers often advise never paying the ransom, and instead removing the malware and relying on backups for your files if you are infected.

Not getting infected by ransomware is always going to be the best approach, however, and that’s where internet security solutions come into play.

In the year or two since ransomware popped up on the scene, Windows and Android have generally been the targets, but researchers at Palo Alto Networks found this week that Mac OS is now in the sights of cybercriminals, with a piece of software shipping with a ransomware variant inside.

According to the folks at Palo Alto Networks, a BitTorrent application named “Transmission” included the ransomware “KeRanger”. Its researchers say KeRanger would sit on a computer for three days before doing anything, then unleash its payload, which encrypts files on the computer and asks for payment before unlocking them.

While it’s bad that ransomware was found to work on a Mac, it’s worse that it happened with a real version of the torrenting application, though we’re told Transmission’s developers were on it pretty quickly, restoring regular virus-free versions of the app.

Now we’re not going to debate the valid reasons for using torrenting programs, because there definitely are some, though we’d hazard a guess that the majority of people relying on torrenting are perhaps using the apps for some less-than-legal purposes, if not for downloads that stray into grey areas.

If you are doing this, internet security is vital, with tracking, port cracking, and fake files being some of the main reasons.

The Mac ransomware infection of a torrenting app, however, just cements this need even more. While Apple was also on guard quickly, revoking the certificate the ransomware was taking advantage of, the incident still highlights the need for security software on every platform, Mac included.

“Although this particular attack was quickly shut down, we may potentially see a new wave of similar attacks in the near future,” said Joji Hamada from Symantec’s Security Response team.

“It’s always important to take caution when installing software downloaded from the internet,” said Hamada.


It might even be worth pulling apart the KeRanger threat a little more. Bitdefender, one of Symantec’s rivals, has chimed in with an analysis of its own, discovering that the ransomware is built very similarly to another piece of malware that has been plaguing Linux users.

Bitdefender has since published information online suggesting that this is a Mac variant of the same malware, with the attackers signing it with a real security certificate, which allowed it to circumvent the native security checking system built into every Mac since 2012’s release of Mac OS X 10.8 “Mountain Lion”.

As for whether this clone of the Linux version will make its way to other platforms (and more than a clone, it is technically a mutation), Bitdefender’s researchers told us that was actually a distinct possibility, again underlining just how important security software is.

“I don’t have to tell you that the concept of ransomware can be (and is currently) applied to all operating systems,” said Alexandru Balan, Chief Security Researcher at Bitdefender in Romania, advising that ransomware has so far appeared on Windows, then Android, with Linux and OS X following shortly behind.

“It’s insanely good money for the bad guys at a very low price, since they’re either the same guys behind coding the malware or they rent the kit and just slightly modify the code,” he told GadgetGuy.

“According to independent sources, they [have] made over 120 million in revenue in just a bit over half of a year [last year],” Balan said.

One other point is worth mentioning, which seals the deal for why you need security software on a Mac, and that is this: if a Mac has been broken into by getting past Apple’s security checking system (“Gatekeeper” is the official name from Apple, and it has been part of Mac OS X since 10.8), there is now the risk that this could happen again.

We did note before that Apple was onto this very quickly, revoking the certificate and stopping the ransomware in its tracks, but all it takes is for this to keep happening for it to become so problematic that it is very, very difficult for Apple to protect against.

“This precedent shakes the foundation of OSX security,” Balan told GadgetGuy.

“It tells all Apple users that any application they have installed could have been a backdoor. Transmission could be the one that, after it got hacked, it got public. Others could have gotten hacked but still, silently, steal information from people’s MacBooks.”

So there you have it, and even if your apps are clear on Mac OS — which is very likely — make sure you grab some form of internet security, people. It’s just one of those necessary things.