Save over 40% when you secure your tickets today to TNW Conference 💥 Prices will increase on November 22 →

This article was published on March 7, 2016

Hackers are targeting OS X users with ransomware for the first time


Hackers are targeting OS X users with ransomware for the first time

Security firm Palo Alto Networks said in a blog post over the weekend that it found ransomware bundled into a popular Mac app. It’s believed to be the first-ever piece of malware developed for the platform.

The company noted that it detected ransomware that it’s calling ‘KeRanger’ on installers of Transmission, a free and open-source BitTorrent client for Mac. It isn’t clear how the attackers managed to compromise the app’s site and upload the infected files.

Once an unsuspecting user installs the infected app, KeRanger embeds itself in their system and goes to work encrypting certain types of data, including documents, images, audio and video files, as well as databases and email archives.

It then asks victims to pay 1 Bitcoin (about $410 at the time of writing) in order to decrypt and regain access to their files.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

The developers behind Transmission have since updated their installers to ensure the ransomware is removed.

Transmission is a popular BitTorrent client for Mac
Credit: Transmission

It’s scary to see hackers beginning to target OS X users with this sort of attack. Until now, they only went after Windows systems and mobile OSes. Last month, a hospital in Hollywood paid $17,000 to unlock their data after hackers held their files for ransom.

In this case, not only did the perpetrators manage to infect a well-known Mac app, but they did so using a valid Mac app development certificate.

It’s becoming clear that no one’s data is truly safe. However, the real danger is agreeing to attackers’ demands and proving to them that their malicious activity is viable and worth pursuing. At this point, the best way to protect yourself is to back up your data often.

We’ve contacted Apple for comment and will update this post when we hear back.

New OS X ransomware KeRanger infected transmission BitTorrent client installer [Palo Alto Networks Research Center Blog via Reuters]

Get the TNW newsletter

Get the most important tech news in your inbox each week.