From TechCrunch this morning:
Apple has shut down what appears to have been the first, fully-functional ransomware targeting Mac computers. […] This ransomware, called KeRanger, was first reported by researchers at Palo Alto Networks. They also noted that Apple has now revoked the abused certificate that was used in the attack and updated its built-in anti-malware system XProtect with a new signature to protect customers.
Apple is being credited with mounting a quick and defensive response, but the threat is now palpable. This particular threat appears to have been mitigated, but it was in active development and future attackers may gain access to Time Machine backups of Mac OSX files.
In this case, it’s not especially likely that many lawyers would have been afflicted by KeRanger en masse. This was not a case of targeted attack. The vector was a corrupted update for the filesharing application Transmission. Filesharing on a machine connected to your work and client files is not at all advisable, of course, but if you use a shared Mac at home and someone downloaded v2.90 of Transmission on or after March 4, 2016, be aware.
Encryption begins three days after the malware infected version is first launched.
Check the Apple Forums for help if you’re infected: https://discussions.apple.com/thread/7485717
For Mac users this is a dark, but not unexpected day. Several sources have popped up to offer tips on protecting Macs from this type of threat.
Earlier last month I submitted an update on the cryptovirus battlefront, noting how an anti-ransomware breakthrough was possibly on the horizon but that post ended with a quote from McAfee Labs’ 2016 Threats Predictions relating to this exact turn of events: “We also expect ransomware to start targeting Mac OSX in 2016 due to its growing popularity.”
– Find Nate Russell on Twitter