An Apple a Day...gets hit by Ransomware

Mar 09, 2016


BY Sarah Roberts

We all know the saying, ‘An apple a day keeps the doctor away’ - but that proverb may no longer apply in the IT world.

Ransomware has been the scourge of Windows users for the last 3 years. It’s malware that exerts a vicious stranglehold on an OS, encrypting files and threatening deletion if a ‘Ransom’ isn’t paid.
Those running Macs have got off scot-free. Until now.

A strain has emerged, hidden inside a BitTorrent file, that can successfully infect an Apple OS.
KeRanger, as it’s known, encrypts files and then demands a payment of 1 bitcoin (approximately £290) for them to be liberated.

According to Palo Alto Networks, this is a first. Although most malware is caught by Apple’s Gatekeeper protection, KeRanger had a valid Mac app development certificate, which allowed it to slip through. Most frighteningly, KeRanger attempts to encrypt Time Machine backup files - so those affected can’t recover.

Apple has responded swiftly to the reports, revoking the abused certificate and updating its XProtect antivirus signatures, which should prevent further spread. However, KeRanger waits three days before it activates, so many more users could be affected.

So how ‘Virus Free’ are Macs?

Apple’s Macs have always been thought of as ‘safe’. According to MacWorld, ‘Malware writers are less likely to target Mac users because of the perception that it has a far smaller market share than Windows.’ However, a recent Gartner report shows around 11% of all devices (including smartphones and tablets) are running iOS or OS X, so it’s little wonder attentions are turning to Apple.

Greg Day, Palo Alto Networks’ chief security officer for Europe, the Middle East and Africa, told the BBC that “we’ve seen more Mac threats in the last few years - it’s a very good reminder that there is no environment which is risk free from cyber attack.”

It is therefore important to remember that malware is always going to be evolving - and businesses need to stay on their toes. Datto users can use OwnCloud - which comes as standard on every SIRIS - to back up essential files.
