KeRanger: First Ransomware to infect Mac Computers

Screenshot 2016-03-07 22.40.05

If you are a Mac user like me, loving to download torrents via the transmission software then you will receive this warning  message at the opening of Transmission !

KeRanger ?

KeRanger is a ransomware  that aims to encrypt the hard drive of the users and then ask them for money to decrypt it. If they do not pay, their data will be lost.

KeRanger has emerged with the application Transmission, the most popular client for download torrents on Mac. Version 2.90 has been infected with ransomware, some users have been affected without knowing .

Users likely to be victims of KeRanger are those who downloaded the version 2.90 of the Transmission software on the 4th or 5th of March.

Three days after infection, this is where KeRanger strike and demand a ransom from the user by encrypting the files from his computer to bar him access.

Once installed, KeRanger will search for approximately 300 different file types and encrypt any it finds. The malware will then display a ransom message, demanding that the victim pay 1 Bitcoin (approximately US$408). Payment is made using a website on the anonymous Tor network .

Apple announced to  be aware of ransomware and has already revoked the certificate from a legitimate developer who has allowed  installation of KeRanger on Mac.

How to Know your are infected ?

Open a Terminal or use the Finder to search /Applications/Transmission.app/Contents/Resources/General.rtf or /Volumes/Transmission/Transmission.app/Contents/Resources/General.rtf files. If present, the transmission application is infected and it is highly advisable to remove.

Screenshot 2016-03-07 22.45.06

Screenshot 2016-03-07 22.47.46

These are  the screenshots of my own Transmission . Since I used  Transmission 2.84 release , I’ m not infected,  For infected computers the file General.rtf must be present between these blue lines ! 

Are you infected ? Sure to download the 2.92 version that will remove the malware!

Screenshot 2016-03-07 22.41.27

 

Deep Web : Virtual to reality (Ross Ulbricht)

3489419_3_624f_profil-linkedin-de-ross-william-ulbricht_5e9a51b897c9680fb84211c1d0cc98b9

Ross Ulbricht, the founder of the Silk Road online site selling drugs was sentenced this Friday, May 29 to life imprisonment by a court in New York. He was known on Silk Road under the pseudonym “Dread Pirate Roberts” or “DPR” .According to FBI information, Ulbricht had moved to San Francisco. Graduated with a Masters degree in Materials Science at the University of Pennsylvania, the young man controlled the servers and infrastructure of the site, he managed a reduced  “customer service” , and ran a small team of administrators.

Silk Road …

“Great quality for heroin smashes”. This is the type of ad you could find on Silk Road. Specifically, Silk Road also called “drug’s ebay” was based on a great principle of anonymity. The site, hidden in the deep web was limited to users in the digital decentralized network that guarantees complete anonymity. Launched in 2011, Silk Road thus allowing its users to sell or buy any product, including drugs. Credit cards and Paypal accounts were obviously prohibited, to ensure user identities’s safety. To pay for purchases, users actually using the virtual currency “bitcoin” which guarantees confidentiality: transactions were anonymous , and the seller did not know the buyer. The only information revealed was the delivery address.

According to the FBI, between February 2011 and July 2013, the  website helped nearly 1.2 million transactions for a total of almost 9.5 million bitcoins,that is  according to calculations by the US authorities close to  1.2 billion. Silk Road levied a commission on each payment, assessed over the same period to 600,000 bitcoins, or 80 million. A sum that allowed to finance the operation of the website and the small team that managed it.

FBI Investigations  …

In July 2013, the FBI was able to identify a server located abroad, which hosted Silk Road. Through cooperation with local authorities, US investigators were able to get a clear picture of the server, and access private messages exchanged on the site. Then able to identify the creators of Silk Road, the FBI and other US security agencies have sought the first traces of online promotion of the site, including forums. It is through this,  that investigators found two messages of a certain “altoid” which allowed them then by cross-checking, finding traces of a blog on WordPress, linked to a Gmail address. This was one of William Ross Ulbricht, the website’s founder.

Bad Configuration – TOR‘s Mechanism…

To identify and locate Silk Road, FBI simply exploited a flaw in the configuration of the home page of Silk Road’s site. By connecting as a simple client, then analyzing traffic between FBI and  Silk Road’s  computers , Tarbell officer (FBI agent) noticed that one IP address sent by the server to validate the connection did not match any identified TOR relay. He then checked the location of the server with the IP address “ordinary” – a very simple operation – and discovered that it led to a commercial hoster installed in Iceland.

To prove the truth of his explanation, almost too simple, the Tarbell agent does not hesitate to refer to the user guide published by the designers of TOR. It explains that to “TOR-ify” an application (eg a retail site), follow a very strict procedure, otherwise the real IP address of the server would be visible, and the passage of data by the digital relays not conceal anything.

Subsequently, after entering the Ross Ulbricht’s private messages , the FBI discovered that he was aware of this flaw in his system. But apparently he had read the manual carefully as less Tarbell agent and had failed to correct it properly …

Once identified IP address, the US sent a request for legal assistance to the Icelandic authorities. Investigators of the Reykjavik police first noted that the target server was managing large volumes of traffic encrypted by TOR. Then she recovered the history of its connections and its entire contents, and transmitted at the FBI. The result was unequivocal: the IP address collected by the FBI was that of a server used by Silk Road to link buyers and drug dealers.

The use of TOR and Bitcoins guaranteed to silk road, a double sophisticated security system in deep web , however he has been unmasked because of a security flaws !

Deep Web the movie …

“Deep web” is the title of 90′ film documentary devoted to Ross Ulbricht and Silk Road. It’s broadcast on US TV Epix this May 31.

Synopsis

Deep Web gives the inside story of one of the the most important and riveting digital crime sagas of the century — the arrest of Ross William Ulbricht, the convicted 30-year-old entrepreneur accused to be ‘Dread Pirate Roberts,’ creator and operator of online black market Silk Road. The film explores how the brightest minds and thought leaders behind the Deep Web are now caught in the crosshairs of the battle for control of a future inextricably linked to technology, with our digital rights hanging in the balance.

 Deep Web features the core architects of the Deep Web; anarchistic cryptographers who developed the Deep Web’s tools for the military in the early 1990s; the dissident journalists and whistleblowers who immediately sought refuge in this seemingly secure environment; and the figures behind the rise of Silk Road, which combined the security of the Deep Web with the anonymity of cryptocurrency.