Ransomware, one of the fastest-growing types of cyber threats, encrypts data on infected machines, then typically asks users to pay ransoms in hard-to-trace digital currencies to get an electronic key so they can retrieve their data.
Security experts estimate that ransoms total hundreds of millions of dollars a year from such cyber criminals, who typically target users of Microsoft's Windows operating system.
Palo Alto Threat Intelligence Director Ryan Olson said the "KeRanger" malware, which appeared on Friday, was the first functioning ransomware attacking Apple's Mac computers.
"This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom," Olson said in a telephone interview.
Hackers infected Macs through a tainted copy of a popular programme known as Transmission, which is used to transfer data through the BitTorrent peer-to-peer file sharing network, Palo Alto said on a blog posted on Sunday afternoon.
When users downloaded version 2.90 of Transmission, which was released on Friday, their Macs were infected with the ransomware, the blog said.
An Apple representative said the company had taken steps over the weekend to prevent further infections by revoking a digital certificate that enabled the rogue software to install on Macs. The representative declined to provide other details.
Transmission responded by removing the malicious version of its software from its website, www.transmissionbt.com. On Sunday it released a version that its website said automatically removes the ransomware from infected Macs.
The website advised Transmission users to immediately install the new update, version 2.92, if they suspected they might be infected.
Palo Alto said on its blog that KeRanger is programmed to stay quiet for three days after infecting a computer, then connect to the attacker's server and start encrypting files so they cannot be accessed.
After encryption is completed, KeRanger demands a ransom of 1 bitcoin, or about $400, the blog said. (bit.ly/1Rvroxv)
Olson, the Palo Alto threat intelligence director, said that the victims whose machines were compromised but not cleaned up could start losing access to data on Monday, which is three days after the virus was loaded onto Transmission's site.
Representatives with Transmission could not be reached for comment.