KeRanger, The First Mac OS X ransomware


On a regular basis, you continue to hear about how ransomware has hit a variety of different businesses and their computers. Windows computers, that is!  Well, Mac users, you are not left out of the party anymore.  Last week, a new piece of malware known as KeRanger was reported by Claud Xiao from Palo Alto Networks, and it is the first ransomware to target Mac computers.

While KeRanger targets Mac OS X, its behavior is quite similar to that of Windows-based ransomware. Once it has infected your system, KeRanger sits dormant for 3 days.  After 3 days have passed, it will search for a variety of file types and encrypt any it finds in the /Users and /Volumes directories. The malware will then display a ransom message, demanding that the victim pay the ransom using bitcoins in order to get their data back.  Interestingly, KeRanger appears to still be under active development and “is also attempting to encrypt Time Machine backup files to prevent victims from recovering their back-up data”.  Of course, everyone backs up their data offsite, right?

Since the malware was signed with a valid Mac Developer ID, it could bypass OS X’s Gatekeeper feature, which is designed to block software from untrusted sources. The good news is Apple has already added detection to XProtect and revoked the developer certificate used to sign it.  However, it’s important to note that if you have already run the infected copy of the malware, this will not prevent you from opening it again, because your Mac will consider it safe since it was already opened.
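
Because an app that was already opened is not stopped on later launches, it is worth re-checking installed apps by hand. The script below is an added example, not code from the original post or from Apple: it runs macOS's `spctl --assess` on every app bundle under the directories you give it and lists the ones the current Gatekeeper policy does not accept. The function names are hypothetical, and it assumes a nonzero `spctl` exit status means the bundle was not accepted.

```shell
#!/bin/sh
# Added example: re-check app bundles against the current Gatekeeper policy,
# including apps that were already opened once.
# Usage on a Mac: sh gatekeeper_audit.sh /Applications "$HOME/Applications"

# assess_app PATH: prints "ok<TAB>PATH" or "REJECTED<TAB>PATH<TAB>reason".
# Returns 0 when spctl accepts the bundle, 1 otherwise (assumed exit semantics).
assess_app() {
    app=$1
    # Capture stdout and stderr together so the verdict text is kept either way.
    if verdict=$(spctl --assess --type execute --verbose "$app" 2>&1); then
        printf 'ok\t%s\n' "$app"
        return 0
    fi
    # Report the tool's own first output line as the reason, unmodified.
    reason=$(printf '%s\n' "$verdict" | head -n 1)
    printf 'REJECTED\t%s\t%s\n' "$app" "$reason"
    return 1
}

# audit_apps DIR...: assesses every *.app bundle in the top two levels of each
# directory, prints one line per bundle, returns 1 if any bundle was rejected.
audit_apps() {
    report=$(
        for dir in "$@"; do
            [ -d "$dir" ] || continue
            # -prune keeps find from descending into a bundle's own contents.
            find "$dir" -maxdepth 2 -name '*.app' -prune -print
        done | while IFS= read -r app; do
            assess_app "$app" || true
        done
    )
    if [ -n "$report" ]; then printf '%s\n' "$report"; fi
    if printf '%s\n' "$report" | grep -q '^REJECTED'; then
        return 1
    fi
    return 0
}

# Run only when directories are given on the command line.
if [ "$#" -gt 0 ]; then
    audit_apps "$@"
fi
```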

To find out more about how M-Squared Networks can help protect your data from ransomware or any other malware, visit our Solutions page, call us at 714.983.7646 or email info@msquarednetworks.com.

March 16th, 2016 | Disaster Recovery, Managed Services, Security, Threats