Someone spiked version 2.90 of Transmission with the KeRanger malware, the first functioning ransomware designed for Macs, say researchers at security firm Palo Alto Networks. It was they who first sounded the alarm. The way KeRanger works after download is to go dormant for three days before beginning to encrypt files on the hard drives of infected computers. Computer owners are blocked from accessing their files until a ransom is paid and a key code is handed over that unlocks the encryption.
Monday marks the third day since the tainted Transmission software was first downloaded. Anybody who hasn’t removed the software before then may find their files have been digitally kidnapped. According to Reuters, which spoke with the Palo Alto Networks team, the ransom is 1 bitcoin, worth about $400.
The chances of KeRanger affecting a lot of computers seem slim. Managers of the Transmission peer-to-peer software replaced the infected copy on Sunday with a version that removes the ransomware copy from Mac hard drives. Also, Apple blocked the security certificate used to help KeRanger circumvent OS X’s defenses.
Initially, ransomware was written to attack Windows, but the culprits are now targeting Macs. Ransomware appears to be growing in popularity with criminals, and the reasons are easy to understand. At this point, there’s apparently little risk of getting caught, the overhead is low and, most importantly, it has proven to be effective.
The best-known ransomware heist so far may have come last month when Hollywood Presbyterian Medical Center in Los Angeles paid $17,000 to someone who had infected the hospital’s computer system and encrypted the computer files there. Things got so bad that hospital staff had taken to pen-and-paper record keeping. With the FBI and professional computer sleuths available, the hospital’s management said it made more sense just to pay.