Skip to main content [aditude-amp id="stickyleaderboard" targeting='{"env":"staging","page_type":"article","post_id":1891069,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"cloud,enterprise,security,","session":"B"}']

Mac ransomware caught before large number of computers infected

Image Credit: Justin Ennis/Flickr

(Reuters) – The first known ransomware attack on Apple Mac computers, which was discovered over the weekend, was downloaded more than 6,000 times before the threat was contained, according to a developer whose product was tainted with the malicious software.

Hackers infected Macs with the “KeRanger” ransomware through a tainted copy of Transmission, a popular program for transferring data through the BitTorrent peer-to-peer file sharing network.

[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":1891069,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"cloud,enterprise,security,","session":"B"}']

So-called ransomware is a type of malicious software that restricts access to a computer system in some way and demands the user pay a ransom to the malware operators to remove the restriction.

KeRanger, which locks data on Macs so users cannot access it, was downloaded about 6,500 times before Apple and developers were able to thwart the threat, said John Clay, a representative for the open-source Transmission project.

AI Weekly

The must-read newsletter for AI and Big Data industry written by Khari Johnson, Kyle Wiggers, and Seth Colaner.

Included with VentureBeat Insider and VentureBeat VIP memberships.

That is small compared to the number of ransomware attacks on computers running Microsoft Windows operating system. Cyber security firm Symantec observed some 8.8 million attacks in 2014 alone.

Still, cyber security experts said they expect to see more attacks on Macs as the KeRanger hackers and other groups look for new ways to infect Mac computers.

“It’s a small number but these things always start small and ramp up huge,” said FidelisCybersecurity threat systems manager John Bambenek. “There’s a lot of Mac users out there and a lot of money to be made.”

Symantec, which sells anti-virus software for Macs, warned on its blog that “Mac users should not be complacent.” The post offered tips on protecting against ransomware. (symc.ly/1puolix)

The Transmission project provided few details about how the attack was launched.

“The normal disk image (was) replaced by the compromised one” after the project’s main server was hacked, said Clay.

[aditude-amp id="medium1" targeting='{"env":"staging","page_type":"article","post_id":1891069,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"cloud,enterprise,security,","session":"B"}']

He added that “security on the server has since been increased” and that the group was in “frequent contact” with Apple as well as Palo Alto Networks, which discovered the ransomware on Friday and immediately notified Apple and Transmission.

An Apple representative said the company quickly took steps over the weekend to prevent further infections by revoking a digital certificate that enabled the rogue software to install on Macs.

Transmission responded by removing the malicious 2.90 version of its software from its website (www.transmissionbt.com). On Sunday, it released version 2.92, which its website says automatically removes the ransomware from infected Macs.

Forbes earlier reported on the number of KeRanger downloads, citing Clay.

[aditude-amp id="medium2" targeting='{"env":"staging","page_type":"article","post_id":1891069,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"cloud,enterprise,security,","session":"B"}']

(Reporting by Jim Finkle; Editing by Cynthia Osterman and Bill Rigby)

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More