Wonderful Engineering

KeRanger Is A New Ransonware That Encrypts Your Files And Demands A Ransom To Unlock Them

Just because you’re using a Mac software doesn’t mean you are safe from hackers. Apple customers were recently targeted by hackers over the weekend. The malicious software is known as KeRanger and was introduced via an affected copy of a popular program known as Transmission.

According to security researchers, the KeRanger has been programmed so that it remains quite for a total of 3 days after infecting a computer. After this hibernation period, it connects to the attackers’ server and begins encrypting files so that the user can’t access them anymore and demands for a ransom of 1 bitcoin (about $400) for unlocking the files.

The software, Transmission, is used for carrying out data transfer via BitTorrent peer-to-peer file sharing network. Ransomware is becoming one of the fastest-growing kind of cyber threats. It involves encrypting data on infected machines and then asking for ransom in digital currencies that are hard to track before providing them with a digital key that allows the retrieval of data.

The security experts have estimated that the ransoms amount to over hundreds of millions of dollars per year. Usually, the victims are the users of Microsoft Corp’s Windows OS but according to Palo Alto Threat Intelligence Director Ryan Olson, the ‘KeRanger’ malware that surfaced on Friday is the first functional ransomware that has attacked the Apple’s computers.

Olson said, “This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom.” When users downloaded the version 2.90 of Transmission, the Macs were infected with ransomware. According to an Apple representative, the company had taken steps over the weekend to prevent any further infections by revoking a digital certificate that allowed the installation of the rogue software in the first place.

Transmission removed the malicious version of the software and on Sunday released a new version that automatically takes out the ransomware from infected machines. The website suggested that Transmission users should immediately install the latest update, version 2.92, in case they suspect that they have been hacked.