On March 4, 2016, the Palo Alto Networks research team discovered a new MAC OS X ransomware called KeRanger that had infected the Transmission BitTorrent client installer. KeRanger is the first official complete and functioning ransomware to affect OS X. FileCoder, which was discovered in 2015 by Kapsersky Lab, was the first of its kind, but incomplete at the time of its discovery.
While malware is usually distributed through email, these attackers have executed the malware differently. They hacked into Transmission and created a fake version, numbered 2.90, and published it as an official download on the site. KeRanger was signed with a valid Mac app development certificate, enabling it to bypass Apple’s Gatekeeper security. 2.90 will lay dormant for 72 hours before the ransomware triggers and damages your system.
[ii] Image Retrieved from Sophos
The best practice to protect your computer is to update Transmission to 2.92 ASAP. We recommend running a Mac anti-virus, that will automatically and thoroughly scan downloaded files before you run them for the first time. Ensure you also make regular backups and keep a recent backup copy offline, and offsite on an external hard drive. OS X has a software program called Time Machine, that can create encrypted backups, keeping your backups safe from prying eyes in case of theft.
Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.
[i] Read more at: https://www.transmissionbt.com/
[ii] Read more at: https://nakedsecurity.sophos.com/2016/03/08/ransomware-arrives-on-the-mac-osxkeranger-a-what-you-need-to-know/