Reports surfaced at the weekend of some Apple Mac users falling victim to what some PC users call the worst type of cyber attack, ransomware.
As this may be the first time an Apple user has come across the term, let us explain. Ransomware encrypts your data, which sounds all well and good until you realise that you can’t decrypt or use your data without paying a hefty sum to the cyber criminal who tricked you into downloading the software.
In a report by Business Insider, Palo Alto Threat Intelligence Director Ryan Olson named KeRanger the first ransomware to be found attacking Apple’s Mac computers.
“This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom,” Olson told Business Insider.
Once the ransomware has infected a Mac it demands a ransom of one bitcoin (R6 388,75) to unlock the data.
But where exactly are people getting ransomware unknowingly installed on their Macs? Unfortunately, according to Apple, a legitimate app was compromised: the BitTorrent client Transmission.
The Transmission web page is currently hosting a warning urging users to update the software immediately.
Everyone running 2.90 on OS X should immediately upgrade to and run 2.92, as they may have downloaded a malware-infected file. This new version will make sure that the “OSX.KeRanger.A” ransomware is correctly removed from your computer.
The developer has also said that version 2.91 of Transmission should be updated to 2.92 to completely remove the possibility of the ransomware being activated.
How to check whether you’re infected
Luckily, Palo Alto Threat Intelligence has issued steps you can take to mitigate your risk, and you probably should follow them.
- Using Terminal or Finder, look for either /Applications/Transmission.app/Contents/Resources/ General.rtf or /Volumes/Transmission/Transmission.app/Contents/Resources/ General.rtf. Should you find either of these files, the Transmission app should be deleted immediately.
- Check whether a process named “kernel_service” is running using Activity Monitor, which comes pre-installed in OS X. Should you find this process, you’ll need to check what exactly it is. Using Open Files and Ports, check whether there is a file named /Users/<username>/Library/kernel_service and, if there is, immediately Force Quit the application.
- Finally, once all of those steps are complete, it is suggested that users look through ~/Library. Files named “.kernel_pid”, “.kernel_time”, “.kernel_complete” and “.kernel_service” should be deleted immediately.
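The file and process checks from the steps above can be collected into one read-only Terminal script. This is an added example, not code from Palo Alto, Apple or Transmission: the function names and the --scan flag are made up here, the marker files are spelled "kernel" to match the process name kernel_service, and General.rtf is tested both with and without the space that appears in the path above.

```shell
#!/bin/sh
# Added example: report the KeRanger indicators listed in the steps above.
# Read-only: it deletes nothing and quits nothing.

# Print every indicator file that exists.
# $1 = home directory, remaining args = folders that may hold Transmission.app.
keranger_files() {
    home=$1; shift
    for root in "$@"; do
        res="$root/Transmission.app/Contents/Resources"
        # Assumption: the space before the file name may be a layout
        # artifact, so both spellings of the path are tested.
        for f in "$res/General.rtf" "$res/ General.rtf"; do
            if [ -e "$f" ]; then printf '%s\n' "$f"; fi
        done
    done
    for name in kernel_service .kernel_service .kernel_pid .kernel_time .kernel_complete; do
        if [ -e "$home/Library/$name" ]; then printf '%s\n' "$home/Library/$name"; fi
    done
}

# Succeeds if a process named exactly kernel_service is running.
keranger_process() {
    pgrep -x kernel_service >/dev/null 2>&1
}

# Full report: returns 1 if any indicator was found, 0 otherwise.
keranger_scan() {
    found=$(keranger_files "$HOME" /Applications /Volumes/Transmission)
    status=0
    if [ -n "$found" ]; then
        printf 'Indicator files present:\n%s\n' "$found"
        status=1
    fi
    if keranger_process; then
        echo 'A process named kernel_service is running; inspect it in Activity Monitor.'
        status=1
    fi
    if [ "$status" -eq 0 ]; then echo 'None of the listed KeRanger indicators were found.'; fi
    return "$status"
}

# Scan only when asked, so the file can also be sourced for its functions.
if [ "${1:-}" = "--scan" ]; then keranger_scan; fi
```

Save it under any name and run it with --scan; a non-zero exit status means at least one indicator was found and the manual steps above apply.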
Apple has updated its XProtect signatures so if you attempt to install an infected version of Transmission you will get a warning suggesting you move the application to Trash or unmount the disk image.
Be careful out there folks, cyber criminals are getting creative and it seems that no laptop, PC, Mac or even mobile is safe from their clutches.
[Via – Business Insider] [Image – CC BY/2.0 Canned Muffins]