Ransomware infects thousands of Apple Macs

The Apple logo is seen at the company's store in Grand Central Terminal, in New York. (Mark Lennihan, AP, File)
The Apple logo is seen at the company's store in Grand Central Terminal, in New York. (Mark Lennihan, AP, File)

San Francisco - The first widespread ransomware attack on Apple computers is drawing attention to a growing and lucrative corner of the hacking underworld where attackers encrypt and hold data hostage until they are paid to unlock the information.

An estimated 6 500 Macs were infected with malicious software designed to make files inaccessible to owners of desktops and laptops, according to the Transmission Project, a file-sharing software provider.

The decision to target Apple’s OS X software, which is both harder to hack and less widespread than Microsoft’s Windows, underscores how attractive the practice has become, according to Clifford Neuman, who teaches cybersecurity at the University of Southern California.

“We’ve seen a larger incidence of this ransomware, which is the new way that hackers are monetising their attacks,” Neuman said. “Most of it has targeted Windows machines in the past because it is the dominant architecture out there.”

Researchers at Palo Alto Networks discovered the ransomware, which they dubbed KeRanger, on March 4.

Once downloaded and installed, the bug demanded that users pay one bitcoin to decrypt the data, or about $411 at Friday’s prices.

The researchers informed Apple, which revoked a certificate that allowed Macs to download the software, and Transmission updated its program to eliminate the infection, according to Ryan Olson, intelligence director at Palo Alto Networks.

Have you been hit by this ransomware attack? Tell us by clicking here.

Captive Data

The number of known ransomware attacks doubled to more than five million by the third quarter of 2015 from a year earlier, according to Intel’s McAfee security unit.

One bug alone caused more than $325m in damages last year, according to the Cyber Threat Alliance, a group of Web-security companies.

The use of cryptocurrencies such as Bitcoin also makes it easier for attackers to conceal their identities, as opposed to asking victims to transfer funds to a traceable account. “The business model is working so well on Windows that, when they had an opportunity to do so on Mac, they did it,” Olson said. “It’s been effective to the tune of hundreds of millions of dollars a year.”

The new attack targeting Macs follows Apple’s recent tussle with the US government, which is seeking help from the company to decrypt information on a terrorist’s iPhone.

Apple is pushing back, saying that it needs to keep strengthening the security of its devices to protect customers even it means rebuffing a criminal investigation.

Brent Crude
All Share
Top 40
Financial 15
Industrial 25
Resource 10
All JSE data delayed by at least 15 minutes morningstar logo
Company Snapshot
Voting Booth
Do you think it was a good idea for the government to approach the IMF for a $4.3 billion loan to fight Covid-19?
Please select an option Oops! Something went wrong, please try again later.
Yes. We need the money.
11% - 1401 votes
It depends on how the funds are used.
73% - 9082 votes
No. We should have gotten the loan elsewhere.
16% - 1997 votes