What does the first Mac OS X ransomware emergence mean?


Ransomware has been found more and more on digital systems in recent times, and it's becoming a real problem.

Hijackers get onto your system and encrypt sensitive files, meaning you cannot access them until you pay a fee to the criminal and they unlock your data again. It has been more of a problem for businesses so far, but general users are also being targeted now, and this has seen the emergence of the first ever ransomware attack on a Macintosh operating system [1].

What could this mean for the cybersecurity industry?

Mac OS X - no longer untouchable?

Symantec Security Response suggests that any users who downloaded the Transmission BitTorrent client on March 4 or 5 this year could be at risk [1]. According to OS X Daily, the market share of Mac users in Australia is 13.94 per cent, which is the sixth highest in the world [2]. While Windows and Mac are not the only platforms in use, Windows has long been the target of many attacks, and Mac was seen as the impenetrable Apple fortress. That doesn't seem to be the case anymore.

Symantec reports that there have been malicious attacks on the Safari web browser for Mac users in recent years, although there was nothing that targeted the operating system itself [1].

That is, until November 2015, when a Brazilian cybersecurity expert developed a 'proof of concept' (PoC) ransomware that targets OS X [1]. Symantec's testing proved that this PoC was functional [1].

OS X was compromised by a new type of malware called KeRanger, which Symantec reported was only in distribution for a very short period of time [1]. KeRanger is a Trojan that bullies its way onto a Mac computer and searches for 300 different file types, which it then encrypts before informing the user they must pay for the release of this data [3]. The amount that has been reported is one bitcoin, which currently sits at approximately AU$555, according to XE.com [4].

This might be a little steep for some users to pay for a few personal photographs or old documents, but the ransomware works by searching for the most high-value content on a system and encrypting it.

What can be done to combat this threat?

First and foremost, install antivirus software with the most recently updated virus definitions, so that it covers all ransomware, whether for Mac or Windows.

Once an antivirus system is in operation, it will monitor your downloads, internet traffic and external devices connected to your computer to keep any suspicious or unfamiliar software at bay. In the case of KeRanger, the Transmission BitTorrent client was installed when it should not have been. On a system with no additional protection, the infection could have been put in place without the user's knowledge.

Symantec suggests that even though the hackers might not have had much success this time around, it could motivate more groups to develop malware that can infiltrate the OS X system [1]. With this in mind, it could well be worth your while to research which antivirus software would be best for your needs, and to do so before another Mac attack is seen.

Are you worried about your personal information being taken and distributed around the world by hackers? The team at Identity Watch is on hand with recommendations and services that can monitor forums for stolen data - get in touch to keep your identity your own.

1. Symantec. KeRanger: First Mac OS X ransomware emerges. Accessed April 2016.

2. OS X Daily. Mac Market Share Around the World. Accessed April 2016.

3. Symantec. OSX.KeRanger. Accessed April 2016.

4. XE.com. Accessed April 2016.