Monday, 7 March 2016

New Mac Ransomware found on Apple OS X

New Mac ransomware KeRanger, spread via the Transmission app, locks files and demands a ransom.

New ransomware infecting Apple OS X surfaced on March 4th 2016, with the emergence of KeRanger. The first inkling of trouble came during the weekend, when users of Transmission – a BitTorrent client widely used on OS X – noticed a warning. According to the warning, which was displayed within the Transmission application and on its website, version 2.90 of the application was infected. All users were advised to upgrade immediately to 2.91, as they might have fallen victim to new file-encrypting ransomware targeting OS X – dubbed KeRanger.

KeRanger is fully functional in-the-wild malware, spread via an infected version of an otherwise legitimate open source BitTorrent application – Transmission. The version of KeRanger that ESET has analysed stays idle for three days after initial infection. The malware uses cryptographic algorithms (RSA-2048 and AES-256) that are effectively unbreakable.

The malicious version of Transmission (2.90) was available for download between March 4th and March 5th, 2016 and was signed with a legitimate developer certificate. As of March 5th, the malicious version was removed from Transmission’s website. Apple has also revoked the misused certificate to prevent users from opening the infected installer even if it is downloaded from a third-party location. ESET’s users are protected – ESET software detects KeRanger as OSX/Filecoder.KeRanger.A.
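A check for the affected release described above, as an added example that is not part of the original article or of ESET's tooling: it reads each Transmission bundle's Info.plist, flags version 2.90, and estimates when the three-day idle period ends. It assumes the version is stored in `CFBundleShortVersionString` and that the Info.plist modification time approximates the install date; `make_bundle` only builds constructed sample data.

```python
import os
import plistlib
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

AFFECTED = "2.90"            # infected release named in the warning
IDLE = timedelta(days=3)     # idle period ESET observed in its sample

def bundle_version(app):
    """Read the version string from an .app bundle; None if unreadable."""
    try:
        with open(Path(app) / "Contents" / "Info.plist", "rb") as fh:
            return plistlib.load(fh).get("CFBundleShortVersionString")
    except Exception:        # missing, truncated or malformed plist
        return None

def triage(app, now=None):
    """Return (state, idle_deadline) for one bundle."""
    version = bundle_version(app)
    if version != AFFECTED:
        return ("unknown" if version is None else "other-version"), None
    # Assumption: Info.plist mtime approximates when the bundle was installed.
    plist = Path(app) / "Contents" / "Info.plist"
    installed = datetime.fromtimestamp(plist.stat().st_mtime, timezone.utc)
    deadline = installed + IDLE
    now = now or datetime.now(timezone.utc)
    return ("affected-idle" if now < deadline else "affected-overdue"), deadline

def scan(root, now=None):
    """Triage every Transmission*.app bundle found under root."""
    return {p.name: triage(p, now) for p in sorted(Path(root).rglob("Transmission*.app"))}

def make_bundle(root, name, version, age_days):
    """Build a constructed sample bundle (test data, not a real app)."""
    contents = Path(root) / name / "Contents"
    contents.mkdir(parents=True)
    plist = contents / "Info.plist"
    plist.write_bytes(plistlib.dumps({"CFBundleShortVersionString": version}))
    ts = (datetime.now(timezone.utc) - timedelta(days=age_days)).timestamp()
    os.utime(plist, (ts, ts))
    return contents.parent

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        make_bundle(root, "Transmission.app", "2.90", age_days=1)
        make_bundle(root, "Transmission-new.app", "2.91", age_days=0)
        for name, (state, deadline) in scan(root).items():
            print(name, state, deadline)
```

A bundle reported as `affected-idle` is still inside the three-day window; `affected-overdue` means that window has already passed and restoring from backup may be required.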

We strongly recommend that users back up all of their valuable data on a regular basis.