(By Jim Finkle, Reuters) – Apple customers were targeted by hackers over the weekend in the first campaign against Macintosh computers using a pernicious type of software known as ransomware, researchers with Palo Alto Networks told Reuters on Sunday.
Ransomware, one of the fastest-growing types of cyber threats, encrypts data on infected machines, then typically asks users to pay ransoms in hard-to-trace digital currencies to get an electronic key so they can retrieve their data.
[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":1890175,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,security,","session":"C"}']Security experts estimate that ransoms total hundreds of millions of dollars a year from such cyber criminals, who typically target users of Microsoft’s Windows operating system.
Palo Alto Threat Intelligence Director Ryan Olson said the “KeRanger” malware, which appeared on Friday, was the first functioning ransomware attacking Apple’s Mac computers.
AI Weekly
The must-read newsletter for AI and Big Data industry written by Khari Johnson, Kyle Wiggers, and Seth Colaner.
Included with VentureBeat Insider and VentureBeat VIP memberships.
“This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom,” Olson said in a telephone interview.
An Apple representative said the company had taken steps over the weekend to prevent attacks by revoking a digital certificate from a legitimate Apple developer that enabled the rogue software to install on Macs. The representative said he could not immediately provide other details.
The malware is programmed to encrypt files on an infected personal computer three days after the original infection, according to Olson.
That means that if Apple’s steps prove ineffective in neutralizing malware that has already infected Macs, the earliest victims will have their files encrypted on Monday, three days after the malicious program first appeared on the Tranmission website, he said.
The Transmission site offers the open source software that was infected with the ransomware.
Palo Alto said it planned to release a blog advising Mac users on ways to check to see if they were infected with the virus and steps they can take to protect against it harming their data, Olson said.
[aditude-amp id="medium1" targeting='{"env":"staging","page_type":"article","post_id":1890175,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,security,","session":"C"}']
Transmission is one of the most popular Mac applications used to download software, videos, music and other data through the BitTorrent peer-to-peer information sharing network, according to Olson.
Representatives with Transmission could not be reached immediately for comment.
The project’s website, www.transmissionbt.com, on Sunday carried a warning saying that version 2.90 of its Mac software had been infected with malware.
It advised users to immediately upgrade to version 2.91 of the software, which was available on its website, or delete the malicious one.
[aditude-amp id="medium2" targeting='{"env":"staging","page_type":"article","post_id":1890175,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,security,","session":"C"}']
It also provided technical information on how users could check to see if they were affected.
(Editing by Jeffrey Benkoe)
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More