Skip to main content
  1. Home
  2. Computing
  3. News

Update: Mac ransomware may have flaws that allow file recovery

By

keranger ransomware mac users macbook shot
Seth Schwiet/Unsplash
It’s not exactly a pleasant experience dealing with any sort of malware on your computer, but ransomware — which encrypts users’ files and essentially holds them hostage for payment — ratchets up the malevolence to a whole new level. While until now Windows users have been the primary targets of this type of malware, over the weekend, Mac users found out the hard way that they aren’t safe either.

Over the weekend, security firm Palo Alto Networks discovered that the installers for the torrent client Transmission had been infected with ransomware called KeRanger. Despite the discovery of another piece of ransomware called FileCoder by Kaspersky in 2014, this is the first actual functional ransomware discovered for the Mac.

Recommended Videos

Updated on 03-09-2016 by Jon Martindale: Added information about the discovery of a possible recovery technique.

Related

Exactly how the Transmission installers were infected with KeRanger isn’t clear. “It’s possible that Transmission’s official website was compromised and the files were replaced by re-compiled malicious versions, but we can’t confirm how this infection occurred,” Palo Alto Networks wrote.

Transmission is signed with a certificate from the developer, so OS X recognizes it as legitimate software, which is how the ransomware manages to infect a system. This certificate was quickly revoked over the weekend, effectively limiting the threat, MacWorld reports. For its part, Transmission is urging users to update to the latest version of the software.

If KeRanger does manage to infect a system, it lies dormant for three days before it strikes. At that point, the user’s files are encrypted, and the malware even attempts to encrypt TimeMachine backups, keeping the user from restoring from a backup. The ransomware then demands 1 bitcoin, roughly $400, to de-encrypt the files.

Should you find yourself infected though, don’t panic — there may be a way out without buying bitcoins first. According to anti-malware company, Bitdefender, the KeRanger ransomware is built upon the foundations of another: Linux.Encoder. While this might not mean much to most, it’s significant because Linux.Encoder is far from flawless.

Researchers at Bitdefender were previously able to create tools to decrypt files, without knowing the private key. Although there’s no guarantee, there’s a possibility that the same solution could be found for KeRanger too.

The prognosis is reasonably strong too, with PCWorld reporting that the KeRanger ransomware is almost identical to the fourth version of Linux.Encoder, which has been countered by BitDefender’s tools. Although no such tool yet exists for KeRanger, it seems likely that it will in the near future.

While ransomware has existed for quite some time, its usage has surged in recent years. One recent variant used the built-in text-to-speech engine in Windows to alert users that their files had been encrypted. And an even scarier incident happened last month, when a hospital was forced to pay $17,000 worth of bitcoin to attackers in order to restore its files.

This particular threat to Mac users may have been short-lived, but this likely won’t be the last time we see ransomware targeting the platform. For the time being, all users can do is try to maintain safe browsing habits, which is often easier said than done.

Editors’ Recommendations

Topics
Kris Wouk
Kris Wouk
Former Digital Trends Contributor
Kris Wouk is a tech writer, gadget reviewer, blogger, and whatever it's called when someone makes videos for the web. In his…
The macOS Sequoia update just launched. Here’s why you should install it
The iPhone Mirroring feature from macOS Sequoia being demonstrated at the Worldwide Developers Conference (WWDC) 2024.

The macOS Sequoia update is finally here, bringing iPhone Mirroring, Safari updates, window tiling, and the new Passwords app to Mac. As promised, there are no Apple Intelligence features in this update, but they will start rolling out from next month.

iPhone Mirroring is the most exciting thing coming with this update, allowing you to check your messages, notifications, and apps without switching devices. The feature makes a lot of sense as the one time we truly don't need our phones is when we're already using a computer. Instead of taking your hands off the keyboard to pick up your iPhone, you can simply access it on your Mac like a phone-shaped app.

Read more
An entirely new line of Macs may launch in just a few weeks
Apple CEO Tim Cook looks at a display of brand new redesigned MacBook Air laptop during the WWDC22

Apple’s iPhone 16 event was totally devoid of new Macs, and there were some good reasons for that. One of them is that there are expected to be so many Apple computers launching later this year that there simply wouldn’t be enough time for them all at the iPhone show. And now, a new report claims that these new Macs are just around the corner.

Writing in his weekly Power On newsletter, Bloomberg reporter Mark Gurman has outlined what he expects Apple to release in a potential follow-up event this October. This includes a revamp to a wide range of popular desktop and mobile Macs. Gurman’s predictions are often on the money, so when he suggests these Macs are almost upon us, it’s worth paying attention.

Read more
MacBook Pro may make an exciting change to its RAM
Apple MacBook Pro 16 downward view showing keyboard and speaker.

According to anonymous sources cited by Bloomberg, Apple's new M4 series of Mac computers launching this year will all have at least 16GB of RAM. That's double the current minimum of 8GB for entry-level models and a level Apple has stuck to since 2012 despite plenty of criticism and many of its competitors offering a base amount of 16GB.

The information comes from the developer test logs for four new Mac models labeled "16,1," "16,2," "16,3," and "16,10." These tests check for compatibility with third-party applications and are usually done fairly close to launch. Three of the models have 10 CPU cores and 10 GPU cores, while the last has eight CPU and eight GPU cores -- but all four have either 16GB or 32GB of RAM.

Read more