Scalper1 News
Hackers targeted Apple ( AAPL ) Macintosh users over the weekend in what No. 2 cybersecurity firm Palo Alto Networks ( PANW ) believes was the first successful ransomware scheme on the OS X platform. Ransomware attacks have targeted Microsoft ( MSFT ) Windows computers, encrypting data on infected machines and then demanding a ransom from users for the digital key to the locked files. Palo Alto dubbed the Apple ransomware “KeRanger.” KeRanger was burrowed into two installers of Transmission 2.90, an open-source BitTorrent software used to transmit peer-to-peer data, according to a Palo Alto Networks blog post Sunday. Because KeRanger was signed with a valid Mac application development certificate, it was able to bypass Apple’s Gatekeeper systems, Palo Alto said. KeRanger sleeps for three days before locking files, which means infections will likely become evident Monday. “After completing the encryption process, KeRanger demands that victims pay one bitcoin (about $400) to a specific address to retrieve their files,” according to the post. KeRanger also infected Time Machine backup files to prevent victims from recovering previously protected data. Palo Alto Networks says it alerted Apple and Transmission on Friday and has since updated its URL-filtering and threat-prevention processes to block KeRanger installs. Transmission has since removed the malicious installers from its website and released version 2.92. Apple revoked the abused certificate and updated its XProtect antivirus signature, Palo Alto Networks said. Apple confirmed in an email to IBD that it has pulled the developer certificate and updated XProject so that no one can install the infected app. Transmission representatives told Forbes that about 6,500 machines were infected. Transmission removed the infected version about 32 hours after Palo Alto notified the site of the breach, Ryan Olson, head of Palo Alto Networks’ threat intelligence unit, told IBD. According to Palo Alto Networks, the only previous ransomware developed to hit Macs was discovered in 2014. Then, security firm Kaspersky Lab found an incomplete hack named FileCoder. “We believe KeRanger is the first fully functional ransomware seen on the OS X platform,” Palo Alto said. Ransomware attacks are booming as cybercrooks shift from bank information theft — a model fraught with risk — to easier and less traceable scams, Olson said. And the attacks are indiscriminate, targeting grandma and her home computer as often as businesses with operations-critical files. “It’s a broad spectrum,” he said. “They’re going to monetize every infection they can using this technique.” Apple stock fell 1.1% on the stock market today , while Palo Alto Networks stock rose 2.3%. Scalper1 News
Scalper1 News