Update: Mac ransomware may have flaws that allow file recovery

keranger ransomware mac users macbook shot
Seth Schwiet/Unsplash
It’s not exactly a pleasant experience dealing with any sort of malware on your computer, but ransomware — which encrypts users’ files and essentially holds them hostage for payment — ratchets up the malevolence to a whole new level. While until now Windows users have been the primary targets of this type of malware, over the weekend, Mac users found out the hard way that they aren’t safe either.

Over the weekend, security firm Palo Alto Networks discovered that the installers for the torrent client Transmission had been infected with ransomware called KeRanger. Despite the discovery of another piece of ransomware called FileCoder by Kaspersky in 2014, this is the first actual functional ransomware discovered for the Mac.

Updated on 03-09-2016 by Jon Martindale: Added information about the discovery of a possible recovery technique.

Exactly how the Transmission installers were infected with KeRanger isn’t clear. “It’s possible that Transmission’s official website was compromised and the files were replaced by re-compiled malicious versions, but we can’t confirm how this infection occurred,” Palo Alto Networks wrote.

Transmission is signed with a certificate from the developer, so OS X recognizes it as legitimate software, which is how the ransomware manages to infect a system. This certificate was quickly revoked over the weekend, effectively limiting the threat, MacWorld reports. For its part, Transmission is urging users to update to the latest version of the software.

If KeRanger does manage to infect a system, it lies dormant for three days before it strikes. At that point, the user’s files are encrypted, and the malware even attempts to encrypt TimeMachine backups, keeping the user from restoring from a backup. The ransomware then demands 1 bitcoin, roughly $400, to de-encrypt the files.

Should you find yourself infected though, don’t panic — there may be a way out without buying bitcoins first. According to anti-malware company, Bitdefender, the KeRanger ransomware is built upon the foundations of another: Linux.Encoder. While this might not mean much to most, it’s significant because Linux.Encoder is far from flawless.

Researchers at Bitdefender were previously able to create tools to decrypt files, without knowing the private key. Although there’s no guarantee, there’s a possibility that the same solution could be found for KeRanger too.

The prognosis is reasonably strong too, with PCWorld reporting that the KeRanger ransomware is almost identical to the fourth version of Linux.Encoder, which has been countered by BitDefender’s tools. Although no such tool yet exists for KeRanger, it seems likely that it will in the near future.

While ransomware has existed for quite some time, its usage has surged in recent years. One recent variant used the built-in text-to-speech engine in Windows to alert users that their files had been encrypted. And an even scarier incident happened last month, when a hospital was forced to pay $17,000 worth of bitcoin to attackers in order to restore its files.

This particular threat to Mac users may have been short-lived, but this likely won’t be the last time we see ransomware targeting the platform. For the time being, all users can do is try to maintain safe browsing habits, which is often easier said than done.

Product Review

It's not just light. Alienware's m15 is an entirely new breed of gaming laptop

Thin and light gaming is a new category of laptop, led by options like the Razer Blade. Alienware now has its own entry -- The Alienware m15. It’s not the thinnest, lightest, or sleekest option in the bunch, but it doesn’t hold back in…
Computing

Which Macs are compatible with MacOS Mojave?

Is your computer ready for Apple's big Mojave update? Here's what you need to know about MacOS Mojave compatibility, what Macs can successful download Mojave, and the requirements you need to know about.
Mobile

G’day, Google: U.S. users can now give Assistant a British or Australian accent

U.S. Google Assistant users can give their Assistant a different voice. Google has updated Assistant with the ability for users to give it either a British or Australian accent, which could make it a little more personal for some.
Computing

Windows 10 user activity logs are sent to Microsoft despite users opting out

Windows 10 Privacy settings may not be enough to stop PCs from releasing user activity data to Microsoft. Users discovered that opting out of having their data sent to Microsoft does little to prevent it from being released.
Computing

PewDiePie supporters hack printers, hope to boost his subscription numbers

In an attempt to garner more subscribers for their favorite vlogger and secure his status as having the most YouTube subscribers, PewDiePie supporters claimed to have hacked thousands of printers worldwide.
Web

Chrome fights manipulative sites that don’t allow you to hit the back button

Have you encountered a webpage that won't let you hit the back button? Someun scrupulous websites employ what's known as history manipulation, preventing you from hitting the back button, but now Google Chrome will be fighting back.
Photography

Forget painting-style transfers, this A.I. creates realistic portraits of fake people

Do these images look computer-generated? Nvidia researchers recently published a paper on a new variation on style transfer artificial intelligence that's able to generate entirely new portraits.
Gaming

With our Steam guide, you can give the gift of gaming this holiday season

The holidays may have passed, but it's always a good time to give the gift of gaming (especially when there's a Steam sale)! Here's our quick guide on how to give a Steam game as a gift.
Computing

Leaked HP laptop listing reveals entry-level Nvidia MX250 GPU

Alongside powerful graphics cards, Nvidia may have more mobile GPUs to show off at next year's CES show in January. The MX250 has been spotted in a listing for an HP laptop, potentially replacing the entry-level MX150.
Computing

ZSpace’s laptop brings education to life with its own 3D technology

The ZSpace laptop wants to overhaul education and training by offering affordable access to 3D mixed reality through a bespoke screen and glasses technology that is already supported by a wide array of applications.
Computing

Former Microsoft intern claims Google may have sabotaged Edge browser

Google's Chrome web browser has been able to establish such dominance that Microsoft is abandoning its web rendering engine, switching Edge over to Chromium, but did Google play dirty in an attempt to force Microsoft to make the decision?
Computing

ViewSonic’s 1080p gaming monitor lets you experience the action in style

ViewSonic is catering to gamers with its latest monitor, the XG240R. Featuring a 1080p 144Hz panel, RGB lighting, and a fast 1ms response time, you can conquer your opponents and do it in style.
Computing

Here’s why you might still be using Wi-Fi after cellular 5G launches

Cellular 5G might be around the corner and promising to deliver lightning fast speeds, but the folks over at the Wi-Fi Alliance have a few reasons why they think you shouldn't dump Wi-Fi just yet.
Computing

Pinning websites to your taskbar is as easy as following these quick steps

Would you like to know how to pin a website to the taskbar in Windows 10 in order to use browser links like apps? Whichever browser you're using, it's easier than you might think. Here's how to get it done.