Give us your money, or else: Mac users and their computers aren’t immune from ransom-demanding malware after all, as a first so-called ransomware attack was detected by the security researchers at Palo Alto Networks last week.
Mac owners who installed the Transmission BitTorrent client last Friday or Saturday may have infected their machines with a malware program called KeRanger that may attempt to encrypt some of their personal files. The app then displays a ransom note, asking users to pay around $400 to get access to these files again.
Ransomware attacks like these are nothing new for users of Windows PCs, where a number of similar programs have been attacking users for some time. Ransomware programmers typically hide their tracks by asking to be paid in Bitcoin, their apps are often hard to detect by antivirus software.
These kinds of attacks do not just hit ordinary users: In February, reports surfaced that a hospital in Los Angeles was forced to pay $17,000 to unlock its patient records after they had been encrypted by ransomware.
KeRanger seems to be the first such kind of malware to specifically target Mac users, and Palo Alto Networks researchers speculated that attackers may have hacked the Transmission website to distribute a version of the app that was infected with the malicious code.
The good news is that Transmission’s developers have since removed the affected files, and that Apple has since revoked a security certificate used for the attack. Due to the quick response, it’s possible that just a few thousand users were affected by this particular attack — but it’s likely not the last time we’re going to hear about OS X ransomware.