Ransomware, one of the fastest-growing types of cyber threats,
encrypts data on infected machines, then typically asks users to pay
ransoms in hard-to-trace digital currencies to get an electronic key
so they can retrieve their data.
Security experts estimate that ransoms paid to such cyber criminals
total hundreds of millions of dollars a year. The criminals typically
target users of Microsoft Corp's Windows operating system.
Palo Alto Threat Intelligence Director Ryan Olson said the
"KeRanger" malware, which appeared on Friday, was the first
functioning ransomware attacking Apple's Mac computers.
"This is the first one in the wild that is definitely functional,
encrypts your files and seeks a ransom," Olson said in a telephone
interview.
Hackers infected Macs through a tainted copy of a popular program
known as Transmission, which is used to transfer data through the
BitTorrent peer-to-peer file sharing network, Palo Alto said in a
blog post published on Sunday afternoon.
When users downloaded version 2.90 of Transmission, which was
released on Friday, their Macs were infected with the ransomware,
the blog said.
An Apple representative said the company had taken steps over the
weekend to prevent further infections by revoking a digital
certificate that enabled the rogue software to install on Macs. The
representative declined to provide other details.
Transmission responded by removing the malicious version of its
software from its website (http://www.transmissionbt.com). On Sunday
it released a version that its website said automatically removes
the ransomware from infected Macs.
The website advised Transmission users to immediately install the
new update, version 2.92, if they suspected they might be infected.
Palo Alto said on its blog that KeRanger is programmed to stay quiet
for three days after infecting a computer, then connect to the
attacker's server and start encrypting files so they cannot be
accessed.
After encryption is completed, KeRanger demands a ransom of 1
bitcoin, or about $400, the blog said. (http://bit.ly/1Rvroxv)
Olson, the Palo Alto threat intelligence director, said that the
victims whose machines were compromised but not cleaned up could
start losing access to data on Monday, which is three days after the
virus was loaded onto Transmission's site.
Representatives with Transmission could not be reached for comment.
(Editing by Jeffrey Benkoe and Sandra Maler)
[© 2016 Thomson Reuters. All rights
reserved.]