Page 74 - Cyber Warnings
P. 74
Ransomware Becoming Serious Threat to Apple Devices
Among the iPhone-loving, Mac-toting public, Apple
has long clung to its reputation for superior
malware resistance. Yet, as their popularity
increased, Apple products became more enticing
targets for malware creators. Within the last 10
years, malware designed for OSX and iOS has
increased exponentially; in fact, in 2015, there was
more Mac malware floating around than experts
had seen in the previous five years combined.
Observing this pattern, few should be surprised to
learn that ransomware is becoming increasingly
dangerous to Apple tech. Last March, experts
found the first evidence of ransomware that could
beat Mac’s legendary defenses, and since then,
several more examples of Apple-specific ransomware have been found. The time has passed
since Apple users could ignore malware warnings; now every Mac and iPhone user must learn
about the dangers of the newest and most insidious malware, ransomware, and become
protected against its attacks.
KeRanger and the First Mac Ransomware
On March 6, 2016, researchers discovered a frightening corruption in a third-party torrent
installer called Transmission. Equipped with a valid Mac app development certificate, the
malware could bypass Apple’s Gatekeeper protection. This malware was named KeRanger.
KeRanger remained dormant for three days ― just long enough for users to wonder how the
malware infiltrated their systems. Then it launched into action, connecting with a command
server and encrypting nearly all the device’s data, starting with files in /Users and /Volume and
any with the most popular file extensions: .doc and .docx, .jpg and .jpeg, .mp3, .wav, .flac, .zip,
.rar, .db, .eml, and dozens more. Finally, it sent users a ReadMe file, instructing them to pay
one bitcoin ― which equated to over $400 at the time ― or never see their data again.
Since then, KeRanger has been added to Apple’s XProtect anti-malware definitions, but experts
and Apple users continue to reel with the news of its discovery. Ransomware has existed for
Windows devices for some years now, but KeRanger marked the first complete, in-the-wild case
of ransomware designed for Mac use. It’s destressing that the malware infiltrated users’
computers through an otherwise legitimate third-party website, and it isn’t inconceivable that
other hackers will use the same tactic in the future. Though KeRanger stands alone as the only
successful Mac ransomware, most experts believe it a chilling example of the Mac malware to
come.
74 Cyber Warnings E-Magazine February 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
