KeRanger ransomware affects Mac users in a first fully-functional attack
KeRanger ransomware affects Mac users in a first fully-functional attackReuters

Users of Apple's Mac computers witnessed the first real-world ransomware attack over the weekend, security research firm Palo Alto Networks revealed Sunday. The ransomware originated from a legitimate BitTorrent application called Transmission, but early identification of the threat led Apple to quickly block the cyberattack.

Palo Alto discovered Friday the fully-functional OS X ransomware, which they dubbed "KeRanger," and reported it to Apple and Transmission Project immediately. As a result, Apple revoked the digital certificate that allowed the malicious software to be installed on Macs, and updated its XProtect antivirus engine. The team behind the open-source Transmission project has since removed the malicious installers from its website.

Transmission Project updated the free Mac BitTorrent client and warned its users to immediately upgrade to the latest available version (v2.92), which thoroughly removes the KeRanger ransomware from Macs. Transmission version 2.91, although unaffected, requires an upgrade as it was not able to automatically remove KeRanger from the systems.

Ransomware is a major threat in the rapid-growing world of cybercrimes. This type of infection encrypts data on infected machines and seeks monetary ransoms in the form of digital currencies such as bitcoin, which are hard to trace.

"This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom," Palo Alto Threat Intelligence Director Ryan Olson told Reuters.

According to the research firm, KeRanger sits quietly in the background for three days after infecting a computer and then connects to a remote command-and-control server, which is designed to encrypt more than 300 types of files. KeRanger then demands that victims pay 1 bitcoin (about $400) to a specific address to access the data, Palo Alto researchers wrote in their findings.

The security researchers advised Mac users to regularly back up data. "KeRanger appears to still be under active development and it seems the malware is also attempting to encrypt Time Machine backup files to prevent victims from recovering their back-up data," they suggested.

The first-ever fully-functional ransomware attack on Mac computers questions Apple's reputation of maintaining what it claims is an impenetrable operating system. Although the Cupertino tech giant was quick enough to contain the ransomware, whose cousins usually target Windows computers, the breach is being seen as a scar on Apple's fortress.