First OS X Ransomware Detected In The Wild

Megalith

The “KeRanger” malware is the first functioning ransomware attacking Mac computers and encrypts files on a machine three days after it is infected.

Apple Inc (AAPL.O) customers were targeted by hackers over the weekend in the first campaign against Macintosh computers using a pernicious type of software known as ransomware, researchers with Palo Alto Networks Inc (PANW.N) told Reuters on Sunday. Ransomware, one of the fastest-growing types of cyber threats, encrypts data on infected machines, then typically asks users to pay ransoms in hard-to-trace digital currencies to get an electronic key so they can retrieve their data.
 
The timing of this, I tell ya, something smells like three day old fish (pun intended). :D
 

Makes perfect sense - if you are coding a malware - to give it an incubation time before symptoms are available. If symptoms are immediate, then people are going to know something is wrong, and possibly prevent it (or at least try) from propagating. If it hides in the background, and doesn't strike until it's spread on to other machines it will likely be more effective.

This is why - in the early days - Ebola didn't become a large epidemic. It struck out in the wilderness, and killed its victims before they could get too far and spread it too much.

Whoever did this was pretty smart. I don't program viruses or malware, but if I did, I'd probably have the "incubation period" be much longer than 3 days. Have it spread silently for a month before encrypting everything, and you are much more likely to also have hit the backup, and other computers with duplicate files on them, making it much more likely that your victim has to play nice with you and pay up, because they don't have options.
 
No, I meant the timing because of Apple's current fiasco with the FBI and the iPhone, and privacy and security but as usual I'm looking at a very very big picture of things and perhaps put things and events together in ways that others don't care much to bother with.
 

If this locked PHONES, I would agree with you. This is OS X; Apple can patch this and it would LITERALLY have no effect on phones.
 
And no, I didn't mean it has anything to do with a virus on an iPhone or malware for an iPhone or anything to do with an iPhone at all, I meant the timing of this malware appearing "in the wild" at a point in time when Apple is involved with something that already has mixed public opinion about their stated position seems rather dubious to me. The best time to hit someone is when they're down, and even though Apple isn't down at this point, it's still a perfect time to do something like this hence my remark about the timing.

I am disappoint.
 
This attack bites only dumb users who download non-signed fishy stuff like torrent clients. Default security settings won't allow you to do so.
 
What I want to know is if this encrypts the entire Time Machine backup or not. (Not just the day that it is infected, but the whole thing.) If not, then the data should be completely recoverable, assuming the person actually set up the backup in the first place.
 
How long before malware creators realize that while their market will be smaller, it will be more profitable?
 