BitTorrent App Infects OS X With First Ransomware | Tech Pro Home

If you recently installed Transmission version 2.90 onto your Apple system, you might have infected yourself with some time-delayed ransomware.



If you're big into BitTorrent, and you're a Mac user, here's hoping that you didn't grab a recently released version of the Transmission BitTorrent client for OS X. If so, you might have unknowingly infected your computer with the platform's first official ransomware.

According to Transmission's website, version 2.90 of the application contained the malware, and users are strongly encouraged to upgrade to version 2.91 (or delete their copy of 2.90) to avoid any issues it might cause. You can also do a little sleuthing yourself to see if the embedded ransomware, KeRanger, has hit your system. Just run through the steps listed in the "how to protect yourself" portion of a new blog post from Palo Alto Networks' threat intelligence team, which details what you'll need to do to clear yourself of KeRanger.
You could also just wipe and restore your system to an earlier time period, suggests 9to5Mac. If you do that, you'll (obviously) want to restore to some point before whenever it is you installed Transmission 2.90—any point before the app's March 4 release date should be fine.
According to Reuters, Apple is already using its Gatekeeper system to prevent new installations of the infected Transmission client, but that isn't very useful for those who have already installed it.
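
To check which Transmission release is actually installed, the following added example (not code from Transmission, Apple or Palo Alto Networks) reads each application bundle's `Info.plist` and flags version 2.90. It assumes the app can be recognised by its bundle name or folder name and that the default folders to scan are `/Applications` and `~/Applications`.

```python
import plistlib
import sys
from pathlib import Path
from xml.parsers.expat import ExpatError

AFFECTED = "2.90"  # version the article says carried KeRanger
FIXED = "2.91"     # version the article says to upgrade to


def read_info(app):
    """Parse Contents/Info.plist (XML or binary); return {} if unreadable."""
    try:
        with (Path(app) / "Contents" / "Info.plist").open("rb") as fh:
            info = plistlib.load(fh)
    except (OSError, ValueError, ExpatError):
        return {}
    return info if isinstance(info, dict) else {}


def is_transmission(app, info):
    # Assumption: match on the bundle's display name or its folder name.
    names = (str(info.get("CFBundleName", "")), Path(app).stem)
    return any("transmission" in n.lower() for n in names)


def classify(version):
    if version is None:
        return "unknown: version unreadable, inspect manually"
    if version == AFFECTED:
        return f"affected: upgrade to {FIXED} or delete this copy"
    return "not the affected release"


def scan(roots):
    """Return [(bundle_path, version, verdict)] for Transmission bundles."""
    findings = []
    for root in map(Path, roots):
        for app in sorted(list(root.glob("*.app")) + list(root.glob("*/*.app"))):
            info = read_info(app)
            if not is_transmission(app, info):
                continue
            version = info.get("CFBundleShortVersionString")
            version = str(version).strip() if version is not None else None
            findings.append((str(app), version, classify(version)))
    return findings


if __name__ == "__main__":
    roots = sys.argv[1:] or ["/Applications", str(Path.home() / "Applications")]
    for path, version, verdict in scan(roots):
        print(f"{path}\t{version}\t{verdict}")
```

A result without an "affected" line only means no 2.90 bundle sits in the scanned folders now; it says nothing about whether a since-deleted or since-upgraded copy already ran.
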
As for how the malware works, Palo Alto Networks' threat intelligence team has a helpful description:
"If a user installs the infected apps, an embedded executable file is run on the system. KeRanger then waits for three days before connecting with command and control (C2) servers over the Tor anonymizer network. The malware then begins encrypting certain types of document and data files on the system. After completing the encryption process, KeRanger demands that victims pay one bitcoin (about $400) to a specific address to retrieve their files. Additionally, KeRanger appears to still be under active development and it seems the malware is also attempting to encrypt Time Machine backup files to prevent victims from recovering their back-up data."
If you're infected, haven't gone through the steps to clear the malware, and are hit with this demand, we suggest you resist the urge to pay up. There's no way to actually verify that whoever it is you're paying won't just take your money and run. Worse, they might even find a way to exploit your system even more if you leave the malware installed—don't do that.
About hacker-Bambi

No life without Tech