Apple's Macintosh computers have been hit for the first time by a hacking attack using what is known as ransomware. Previously only Microsoft's Windows operating system was targeted.
ADVERTISEMENTApple’s Macintosh computers have been hit for the first time by a hacking attack using what is known as ransomware.
The cyber-crime software blocks access to data on infected machines by encrypting it, according to researchers at the online security firm Palo Alto Networks.
The victim is then asked to pay a ransom in hard-to-trace digital currencies – like bitcoin – to get an electronic key to retrieve their data.
Palo Alto Threat Intelligence Director Ryan Olson said the ‘KeRanger’ malware, which appeared on Friday, was the first functioning ransomware attacking Apple’s Mac computers: “This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom.”
New OS X #Ransomware KeRanger Infected Transmission BitTorrent Client Installer https://t.co/sKjz4zq1nD#Unit42
— Palo Alto Networks (@PaloAltoNtwks) March 6, 2016
It is estimated similar attacks on Microsoft’s Windows operating system cost companies hundreds of millions of euros a year in ransoms.
Apple, and the company whose programme was hijacked to deliver the malware, said the problem has now been fixed.
It got onto people’s computers through a tainted copy of a popular programme known as Transmission, which is used to transfer data through the BitTorrent peer-to-peer file sharing network.
Transmission responded by removing the malicious version of its software from its website. It then it released a version that its website said automatically removes the ransomware from infected Macs.
Palo Alto said that KeRanger is programmed to stay quiet for three days after infecting a computer, then connect to the attacker’s server and start encrypting files so they cannot be accessed.
After encryption is completed, KeRanger demands a ransom of 1 bitcoin, or about $400 or 365 euros.
Palo Alto’s Ryan Olson said that the victims whose machines were compromised but not cleaned up could have started losing access to data on Monday – three days after the virus was loaded onto Transmission’s site.
