Apple users targeted in first known Mac ransomware drive

The Pak Banker - - COMPANIES/BOSS -

Apple Inc. customers were targeted by hackers over the weekend in the first campaign against Macintosh computers using a pernicious type of software known as ransomware, researchers with Palo Alto Networks Inc. told Reuters on Sunday. Ransomware, one of the fastest-growing types of cyber threats, encrypts data on infected machines, then typically asks users to pay ransoms in hard-to-trace digital currencies to get an electronic key so they can retrieve their data.

Security experts estimate that ransoms total hundreds of millions of dollars a year from such cyber criminals, who typically target users of Microsoft Corp.'s Windows operating system.

Palo Alto Threat Intelligence director Ryan Olson said the "KeRanger" malware, which appeared on Friday, was the first functioning ransomware attacking Apple's Mac computers.

"This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom," Olson said in a telephone interview.

Hackers infected Macs through a tainted copy of a popular programme known as Transmission, which is used to transfer data through the BitTorrent peer-to-peer file sharing network, Palo Alto said on a blog posted on Sunday afternoon.

When users downloaded version 2.90 of Transmission, which was released on Friday, their Macs were infected with the ransomware, the blog said.

An Apple representative said the company had taken steps over the weekend to prevent further infections by revoking a digital certificate that enabled the rogue software to install on Macs. The representative declined to provide other details.

Transmission responded by removing the malicious version of its software from its website, www.transmissionbt.com. On Sunday it released a version that its website said automatically removes the ransomware from infected Macs.

The website advised Transmission users to immediately install the new update, version 2.92, if they suspected they might be infected.

Palo Alto said on its blog that KeRanger is programmed to stay quiet for three days after infecting a computer, then connect to the attacker's server and start encrypting files so they cannot be accessed.

After encryption is completed, KeRanger demands a ransom of 1 bitcoin, or about $400, the blog said.

Olson, the Palo Alto threat intelligence director, said that the victims whose machines were compromised but not cleaned up could start losing access to data on Monday, which is three days after the virus was loaded onto Transmission's site.
