Ransonware Hits The Mac

Recently Apple added detection of something called “KeRanger” to the XProtect anti-malware definitions in OS X.

It was revealed that KeRanger is the first real Mac ransomware, and it’s not just theoretical. It’s in the wild and something users should take seriously.

According to security experts, a BitTorrent client was infected to include this ransomware. The infected app was distributed from an official Transmission website, but with a different code signature than the normal one previously used to sign the Transmission app, implying that the app itself had been modified and re-signed by an attacker. 

While it has always been the belief that Mac;s do not get viruses (which is true in the true sense of the definition of a virus), it is susceptible to Malware.  See Virus & Malware Removal page for additional clarification.

Once infected by ransomware some people may be tempted to pay the ransom to get their files. While the FBI will recommend people pay the ransom to get their files back, cybersecurity experts would advise otherwise.  Paying the ransom only encourages these criminals to continue with this lucrative campaign.  In the Windows world, paying the ransom sometimes results in getting a key that can successfully unlock the files. However, it also can result in sending money to the hackers and getting nothing in return, or receiving a key that doesn’t actually work properly because the ransomware was poorly written.  In any event sending money to these thieves will only empower them to continue this lucrative venture.

The reason why this type of ransomware is so effective is because once cybercriminals get ahold of your files, no security software or system restore can return them to you. Unless you have a backup to restore from or pay the ransom, your files are gone. And even if you do pay the ransom, there's no guarantee you can get those files back. Bottom line, you need to have a good backup of all your important files.


Prevention is the only cure!


Since there is no way to recover your data in the event of an infection (other than pay the ransom) prevention is the only cure!  Start by investing in the tools that will prevent such malware attacks.  First get the right layers of anti-virus, anti-malware, anti-ransomware and web-filtering software that will greatly reduce your exposure.  Secondly increase awareness and educate yourself on how to detect phishing campaigns, suspicious websites, and other scams.  These are all designed to lure you into clicking on a web-site or an e-mail that might be carrying or linked to a malicious payload delivery system. 

Finally we get to our biggest pet-peeve, if your data is important, then BACK IT UP!  Back it up to an external off-site backup service.  By backing up to an external USB only, you may still be putting your data at risk.  The ransomware software may encrypt this data as well.  The fact that this malware will encrypt external drives and connected network volumes means that it will encrypt backups, including Time Machine backups stored on a Time Capsule.  Which means that your backups, are at risk to this malware.

For workstations, any folder containing important data should be backed up continuously to a cloud backup service that has rigorous controls.  The service should be HIPAA compliant, have archiving capabilities and variable retention policies.