At the beginning of March 2016, the first ransomware attack for Macs appeared.
It’s called "KeRanger" (pronounced "Key-Ranger"). Security firm Palo Alto Networks discovered it within a tampered version of Transmission, a legitimate Mac BitTorrent client.
Palo Alto Networks notified Apple. Acting fast, Apple pulled Transmission’s digital certificate, effectively revoking its ability to run on Mac computers and halting KeRanger’s ability to damage files.
Transmission issued a patch for its client and urged all users to upgrade immediately. If you use Transmission, please make sure you update the client right now. (Seriously, please do so right away. We’ll wait.)
How Ransomware on the Mac Works
Like other ransomware apps for the PC, KeRanger encrypts files on a computer and demands a Bitcoin ransom to get them back. It goes a little further though. Researchers found KeRanger also contained unfinished code for encrypting Time Machine backups.
In other words, the ransomware wants to lock up your backups too, so you'd have no choice but to pay its ransom.
Quick actions have prevented the worst outcome: hundreds of Macs encrypted and their users forced to fork over money.
But if one ransomware attack has occurred on the Mac, more are coming.
We’re already seeing a spike in malware infections on Macs. These are mostly adware – malicious apps which spew ads at you all day.
If your Mac doesn’t have security measures installed on it already, you need to implement some now. Here’s a start.
How to Protect Your Mac from Malware & Ransomware
Since malware and ransomware are new to the Mac platform, security software is still new as well. Not many options exist, though more are in the works. For now, here are two things you can do to protect your Mac.
- Use anti-malware and anti-ransomware software. Malwarebytes does have an anti-malware app for Macs. It’s meant for home use, but a Corporate edition will arrive soon. Dedicated anti-ransomware apps are coming too.
- Keep regular backups! A backup saves you if you do get ransomware. Given KeRanger’s targeting of backups, we advise keeping at least one backup copy disconnected from the computer. Then the ransomware can’t reach it.
Got a question about malware or ransomware? Please email us at woof@planetmagpie.com with your tech questions!