KeRanger: First Ransomware to infect Mac Computers

Screenshot 2016-03-07 22.40.05

If you are a Mac user like me who likes to download torrents with the Transmission software, you will see this warning message when you open Transmission!

KeRanger?

KeRanger is ransomware that aims to encrypt the user's hard drive and then demand money to decrypt it. If the user does not pay, the data will be lost.

KeRanger emerged with the Transmission application, the most popular client for downloading torrents on Mac. Version 2.90 was infected with the ransomware, and some users have been affected without knowing it.

The users likely to be victims of KeRanger are those who downloaded version 2.90 of the Transmission software on the 4th or 5th of March.

Three days after infection, KeRanger strikes: it encrypts the files on the user's computer to block access to them and demands a ransom.

Once installed, KeRanger will search for approximately 300 different file types and encrypt any it finds. The malware will then display a ransom message, demanding that the victim pay 1 Bitcoin (approximately US$408). Payment is made using a website on the anonymous Tor network.

Apple has announced that it is aware of the ransomware and has already revoked the certificate of a legitimate developer that allowed KeRanger to be installed on Macs.

How to know if you are infected?

Open a Terminal or use the Finder to look for the file /Applications/Transmission.app/Contents/Resources/General.rtf or /Volumes/Transmission/Transmission.app/Contents/Resources/General.rtf. If either file is present, the Transmission application is infected and it is highly advisable to remove it.

Screenshot 2016-03-07 22.45.06

Screenshot 2016-03-07 22.47.46

These are the screenshots of my own Transmission. Since I used the Transmission 2.84 release, I'm not infected. For infected computers, the file General.rtf must be present between these blue lines!
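The same check can be scripted from the Terminal. The script below is an added example, not part of the original post or of Transmission: it looks for General.rtf in the two bundle locations named above. The function names and the optional root prefix (for pointing the check at a mounted backup or a test tree) are assumptions, and the version lookup runs only where the macOS PlistBuddy tool is available.

```sh
#!/bin/sh
# Added example: checks the two General.rtf locations named in the post.
# keranger_check [ROOT] returns 1 if an indicator file exists, 0 otherwise.
# ROOT is a hypothetical prefix (default: empty, meaning the live system).

keranger_paths() {
    # Bundle locations from the post: installed copy and mounted disk image.
    printf '%s\n' \
        "/Applications/Transmission.app" \
        "/Volumes/Transmission/Transmission.app"
}

keranger_check() {
    root="${1:-}"
    found=0
    while IFS= read -r app; do
        bundle="${root}${app}"
        indicator="${bundle}/Contents/Resources/General.rtf"
        if [ ! -d "$bundle" ]; then
            echo "not present: $bundle"
            continue
        fi
        # Report the bundle version (2.90 is the infected release per the post).
        plist="${bundle}/Contents/Info.plist"
        if [ -x /usr/libexec/PlistBuddy ] && [ -f "$plist" ]; then
            ver=$(/usr/libexec/PlistBuddy \
                -c 'Print :CFBundleShortVersionString' "$plist" 2>/dev/null \
                || echo unknown)
            echo "version of $bundle: $ver"
        fi
        if [ -e "$indicator" ]; then
            echo "INFECTED: $indicator exists"
            found=1
        else
            echo "clean: no General.rtf in $bundle"
        fi
    done <<EOF
$(keranger_paths)
EOF
    return "$found"
}

# Check the live system; exit status stays 0 so the script can be sourced.
keranger_check || echo "Remove this copy of Transmission and install version 2.92."
```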

Are you infected? Be sure to download version 2.92, which will remove the malware!

Screenshot 2016-03-07 22.41.27

 
