It is an extremely common rumor that Macs don’t get viruses, but unfortunately, they’re no better off than PC’s. Security Professionals have discovered that, for the first time ever, a ransomware attack made it out ‘into the wild’, meaning that it is now a threat to all Mac users. Viruses spread quite easily, and this one is spread through torrenting software.
This was discovered on Friday when a team of researchers found a virus that spread through a BitTorrent client called “KeRanger”. This isn’t the first time that researchers found a Ransomware virus. In 2014, Kaspersky Labs found an incomplete version of the virus. KeRanger actually marks the first ever dangerous attack on Mac OS X systems.
“This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom,” – Palo Alto Threat Intelligence Director Ryan Olson
This is definitely a taint on the Mac OS X slate since Mac users famously boasted of the fact that Mac’s don’t get viruses nearly as serious or as often as Windows PC. Sometimes, Windows viruses make the news, but not nearly as much as this ransomware.
The stakes are very high with KeRanger. Three days after the virus is installed, the software will communicate with a server over the TOR network and will begin encrypting files on the Mac system.
After completing the encryption, the software will demand that you pay 1 Bitcoin (~$140USD) to KeRanger, and then your files will decrypt. It seems as though KeRanger is still in development so that it will also affect Time Machine backups, to make sure that you don’t recover your information.
The Palo Alto Networks team notified both Apple and the Transmission Project on March 4th. Since then, Apple revoked the security certificate used by KeRanger and updated its anti-virus software. Apple declined to comment.
The researchers have noted that Transmission has updated the software to make sure that KeRanger is removed. It is highly recommended that you update to the newer software to make sure that KeRanger is ‘properly removed’.
Because Transmission is by its own admission an open-source, volunteer-based project, researchers also argue that it’s possible the project’s official website “was compromised and the files were replaced by re-compiled malicious versions.” But even then, the Palo Alto Networks team say they can’t confirm how the infection occurred.
While the problem is resolved, it should be noted that this will have ripple effects which will have people asking just how tall the walls are in the bastion that is Mac OS. I am sure that there will be more viruses developed for Mac, just to test how well OS X is protected.