Mac users beware: for the first time a malicious software, demanding ransom for their own data circulating on the Internet for Apple’s operating system OSX. We tell you how you protect yourself against the Ransomware KeRanger.Mac users beware: for the first time a malicious software, demanding ransom for their own data circulating on the Internet for Apple’s operating system OSX. We tell you how you protect yourself against the Ransomware KeRanger.
KeRanger uses transmission as a gateway
And now the safe Apple computer. For the distribution of KeRanger the developers had come up with the following. You infected the installer from transmission. This is a BitTorrent client, with which users can share files and programs. It is unclear how exactly they did. Possibly, they chopped the server and inserted the malicious code in the installer.
The consequences are clear: after infection occurred around 6500 times to download, the transmission user KeRanger simply took the machine. Transmission itself reacted promptly and provided an adjusted update transmission (2.92), the KeRanger allegedly from the infected computer away. Apple responded, supplying an update the anti-malware XProtect and declared invalid the certificate used by the hackers.
Is your Mac infected?
As follows, and you find out whether your computer also has become victims of KeRanger. In the /Applications/Transmission.app/Contents/Resources or /Volumes/Transmission/Transmission.app/Contents/Resources/ folder, locate the file General.rtf. You will find it, transmission is infected. Then immediately delete the version of the installer and install version 2.92.
In the activity monitor you can check also whether KeRanger is already driving mischief. The process, you should immediately stop is called kernel service. To protect themselves in the future, it can help to keep all applications on the Mac with updates on the latest.
Police advises: do not pay, but display will refund
And what to do if KeRanger has encrypted the data already and demands ransom? The Federal Office for security in Information Technology (BSI) and the Police advise: do not pay, but refund display. Because there is no guarantee that the blackmailer give out the key. In addition, experts in some cases can decrypt the data with own digital tools again.