Ransomware has now extended its encrypting tentacles to ensnare Mac users with the news that Transmission, the BitTorrent client for Apple’s desktop operating system, has been infected with KeRanger.
This is the first time the Mac has been hit with ransomware, which, as the name suggests, locks files on the computer by encrypting them and then demands a payment to unlock that encryption.
KeRanger charges some $400 (around £280, or AU$540) for unlocking the victim’s files – or at least theoretically unlocking them, anyway. One of the other problems with ransomware is there’s no guarantee payment to criminals will be the end of the issue, of course.
The attack was flagged up by Palo Alto Networks, who detected the infection of Transmission last Friday morning. Transmission version 2.90 installers were affected, with researchers noting that it’s possible the program’s official website was compromised, and the software replaced with modified versions loaded with the ransomware.
Upgrade right now
The developers of Transmission immediately posted the following warning on the website: “Everyone running 2.90 on OS X should immediately upgrade to and run 2.92, as they may have downloaded a malware-infected file. This new version will make sure that the ‘OSX.KeRanger.A’ ransomware is correctly removed from your computer.”
Even those who upgraded to version 2.91 should immediately install version 2.92: although the former version was clean, it didn’t have the routines built in to automatically remove the malware.
Upgrading should be seen as an absolute priority, to clean out the infection before any ransomware demand might kick in – apparently the malware waits for three days before it hooks up with its command and control servers and begins its encryption nastiness.
So time is very much of the essence: if you downloaded the malicious version of Transmission on Friday, it’ll be kicking in today.