Update: Mac ransomware may have flaws that allow file recovery

It’s not exactly a pleasant experience dealing with any sort of malware on your computer, but ransomware — which encrypts users’ files and essentially holds them hostage for payment — ratchets up the malevolence to a whole new level. While until now Windows users have been the primary targets of this type of malware, over the weekend, Mac users found out the hard way that they aren’t safe either.

Over the weekend, security firm Palo Alto Networks discovered that the installers for the torrent client Transmission had been infected with ransomware called KeRanger. Despite the discovery of another piece of ransomware called FileCoder by Kaspersky in 2014, this is the first actual functional ransomware discovered for the Mac.

Updated on 03-09-2016 by Jon Martindale: Added information about the discovery of a possible recovery technique.

Exactly how the Transmission installers were infected with KeRanger isn’t clear. “It’s possible that Transmission’s official website was compromised and the files were replaced by re-compiled malicious versions, but we can’t confirm how this infection occurred,” Palo Alto Networks wrote.

Transmission is signed with a certificate from the developer, so OS X recognizes it as legitimate software, which is how the ransomware manages to infect a system. This certificate was quickly revoked over the weekend, effectively limiting the threat, MacWorld reports. For its part, Transmission is urging users to update to the latest version of the software.

If KeRanger does manage to infect a system, it lies dormant for three days before it strikes. At that point, the user’s files are encrypted, and the malware even attempts to encrypt Time Machine backups, keeping the user from restoring from a backup. The ransomware then demands 1 bitcoin, roughly $400, to decrypt the files.

Should you find yourself infected though, don’t panic — there may be a way out without buying bitcoins first. According to anti-malware company Bitdefender, the KeRanger ransomware is built upon the foundations of another: Linux.Encoder. While this might not mean much to most, it’s significant because Linux.Encoder is far from flawless.

Researchers at Bitdefender were previously able to create tools to decrypt files without knowing the private key. Although there’s no guarantee, there’s a possibility that the same solution could be found for KeRanger too.

The prognosis is reasonably strong too, with PCWorld reporting that the KeRanger ransomware is almost identical to the fourth version of Linux.Encoder, which has been countered by Bitdefender’s tools. Although no such tool yet exists for KeRanger, it seems likely that it will in the near future.

While ransomware has existed for quite some time, its usage has surged in recent years. One recent variant used the built-in text-to-speech engine in Windows to alert users that their files had been encrypted. And an even scarier incident happened last month, when a hospital was forced to pay $17,000 worth of bitcoin to attackers in order to restore its files.

This particular threat to Mac users may have been short-lived, but this likely won’t be the last time we see ransomware targeting the platform. For the time being, all users can do is try to maintain safe browsing habits, which is often easier said than done.

Kris Wouk
Former Digital Trends Contributor