March 11, 2016

Mac Ransomware: What You Need To Know

By Chris Brunau
RansomwareThreat AnalysisDatto RMM

We all know the saying – ‘an apple a day keeps the doctor away’ – but that may no longer apply in the IT world.

Ransomware software has been the scourge of Windows users for the last three years and those running Macs have got off scot-free. Until now.

For the first time, ransomware has found its way to Mac computers. According to Reuters, the attack was downloaded more than 6,000 times before the threat was contained. The latest form is known as KeRanger, which infiltrated Macs through an infected program known as Transmission, used for programming data through BitTorrent peer-to-peer file sharing. According to CNET, KeRanger carries a ransom of about $400.

This is just the latest ransomware threat to make headlines, after news of Locky, a new form of ransomware that was infected 90,000 machines a day, as well as a hospital in California hit with ransomware forcing them to pay $17,000.

According to Palo Alto Networks, this is a first for Macs. Although most malware is caught by Apple’s Gatekeeper protection, KeRanger has a valid app development certificate which allowed it to slip through. Most frighteningly, KeRanger attempts to encrypt Time Machine backup files – so those affected can’t recover.

Apple has responded swiftly to the reports and revoked the abused certificate and updated XProtect antivirus signature, which should prevent further spread. However, KeRanger waits three days before it activates, so many more users could be affected.

So how ‘Virus Free’ are Macs?

Apple’s Macs have always been thought of as ‘safe’. According to MacWorld, ‘Malware writers are less likely to target Mac users because of the perception that it has a far smaller market share than Windows.’ However, a recent Gartner report shows around 11 percent of all devices (including smartphones and tablets) are running iOS or OS X, so it’s little wonder attention is turning to Apple.

Greg Day, Palo Alto Networks’ chief security officer for Europe, the Middle East and Africa told the BBC that “we’ve seen more Mac threats in the last few years – it’s a very good reminder that there is no environment which is risk free from cyber attack.”

As always, taking the proper precautions is the best way to protect yourself from any form of ransomware. In the event you’re attacked, the best way to avoid paying a ransom is to have a proper business continuity and disaster recovery (BCDR) solution featuring up-to-date backups. This will allow you to restore your data to a point in time before the infection, and retain your precious data. To learn more about all things ransomware, including the common types, how it is spread and how to prevent it, download our eBook: The Business Guide To Ransomware.

Suggested Next Reads