Yes, Ransomware Can Affect Macs Too

Yes, Ransomware Can Affect Macs Too

A report from security firm Palo Alto Networks has the paranoid corners of the internet freaking out today: The first fully-functional ransomware has been found screwing up people’s Macs. But put down the emergency whiskey, and don’t panic just yet.

The news that ransomware has come to OS X isn’t good. Ransomware is a particularly nasty type of virus, which infects your computer, encrypts all your files, and then demands a monetary ransom to be paid to some mystery hacker, in return for unlocking your files. It’s been plaguing Windows users and hospitals (not mutually exclusive) for several years, so the fact that it’s spread to OS X in any form is indeed bad.

But before you go burn your electronics and move to a Farady-caged cave, it’s worth looking at the details. The ransomware was found in the latest version of Transmission, an open-source torrenting client. It’s unclear exactly how the virus got there — someone hacking the project’s website, perhaps — but the upshot is that anyone who downloaded Transmission on Friday morning also downloaded a virus. That virus lies dormant for three days, before using a Tor client to connect to a server on the internet, and start locking vulnerable files. A ransom of one bitcoin (around $US400 [$538]) is demanded.

Sounds bad! But here’s the good news: it’s an incredibly limited attack vector, which relies on a series of unusual circumstances, and easily detected. Users had to explicitly download and run an app in order to be affected; it’s not as simple as opening a bad email attachment or clicking the wrong thing in a browser.

So, in order to trick people into downloading the ransomware, someone had to hack Transmission’s website (or code) and add in the virus — not nearly as easy as blasting out phishing emails, and far more limited. It’s also easy to detect and rectify — Palo Alto noticed the virus within hours of it going live, and Apple removed the signing certificate for the app within a day, meaning the ransomware can no longer be installed. A patch (a newer version of Transmission) is already available on the Transmission site.

So yes, Macs can technically get ransomware, but it relies on a unique set of circumstances far beyond opening a bad PDF. In other words: don’t freak out, just choose your shady torrenting client a little better next time. Oh, and back your shit up.

[Palo Alto]