
Transmission BitTorrent App Infects OS X With First Ransomware

If you recently installed Transmission version 2.90 onto your Apple system, you might have infected yourself with some time-delayed ransomware.

March 6, 2016

If you're big into BitTorrent, and you're a Mac user, here's hoping that you didn't grab a recently released version of the Transmission BitTorrent client for OS X. If you did, you might have unknowingly infected your computer with the platform's first official ransomware.

According to Transmission's website, version 2.90 of the application contained the malware, and users are strongly encouraged to upgrade to version 2.91 (or delete their copy of 2.90) to avoid any issues it might cause. You can also do a little sleuthing yourself to see if the embedded ransomware, KeRanger, has hit your system. Just run through the steps listed in the "how to protect yourself" portion of a new blog post from Palo Alto Networks' threat intelligence team, which details what you'll need to do to clear yourself of KeRanger.

You could also just wipe and restore your system to an earlier time period, suggests 9to5Mac. If you do that, you'll (obviously) want to restore to a point before you installed Transmission 2.90—any point before the app's March 4 release date should be fine.

According to Reuters, Apple is already using its Gatekeeper system to prevent new installations of the infected Transmission client, but that isn't very useful for those who have already installed it.

As for how the malware works, Palo Alto Networks' threat intelligence team has a helpful description:

"If a user installs the infected apps, an embedded executable file is run on the system. KeRanger then waits for three days before connecting with command and control (C2) servers over the Tor anonymizer network. The malware then begins encrypting certain types of document and data files on the system. After completing the encryption process, KeRanger demands that victims pay one bitcoin (about $400) to a specific address to retrieve their files. Additionally, KeRanger appears to still be under active development and it seems the malware is also attempting to encrypt Time Machine backup files to prevent victims from recovering their back-up data."

If you're infected, haven't gone through the steps to clear the malware, and are hit with this demand, we suggest you resist the urge to pay up. There's no way to actually verify that whoever it is you're paying won't just take your money and run. Worse, they might even find a way to exploit your system even more if you leave the malware installed—don't do that.

About David Murphy

Freelancer

David Murphy got his first real taste of technology journalism when he arrived at PC Magazine as an intern in 2005. A three-month gig turned to six months, six months turned to occasional freelance assignments, and he later rejoined his tech-loving, mostly New York-based friends as one of PCMag.com's news contributors. For more tech tidbits from David Murphy, follow him on Facebook or Twitter (@thedavidmurphy).