Ransomware infects thousands of Apple Macs

The Apple logo is seen at the company's store in Grand Central Terminal, in New York. (Mark Lennihan, AP, File)
The Apple logo is seen at the company's store in Grand Central Terminal, in New York. (Mark Lennihan, AP, File)

San Francisco - The first widespread ransomware attack on Apple computers is drawing attention to a growing and lucrative corner of the hacking underworld where attackers encrypt and hold data hostage until they are paid to unlock the information.

An estimated 6 500 Macs were infected with malicious software designed to make files inaccessible to owners of desktops and laptops, according to the Transmission Project, a file-sharing software provider.

The decision to target Apple’s OS X software, which is both harder to hack and less widespread than Microsoft’s Windows, underscores how attractive the practice has become, according to Clifford Neuman, who teaches cybersecurity at the University of Southern California.

“We’ve seen a larger incidence of this ransomware, which is the new way that hackers are monetising their attacks,” Neuman said. “Most of it has targeted Windows machines in the past because it is the dominant architecture out there.”

Researchers at Palo Alto Networks discovered the ransomware, which they dubbed KeRanger, on March 4.

Once downloaded and installed, the bug demanded that users pay one bitcoin to decrypt the data, or about $411 at Friday’s prices.

The researchers informed Apple, which revoked a certificate that allowed Macs to download the software, and Transmission updated its program to eliminate the infection, according to Ryan Olson, intelligence director at Palo Alto Networks.

Have you been hit by this ransomware attack? Tell us by clicking here.

Captive Data

The number of known ransomware attacks doubled to more than five million by the third quarter of 2015 from a year earlier, according to Intel’s McAfee security unit.

One bug alone caused more than $325m in damages last year, according to the Cyber Threat Alliance, a group of Web-security companies.

The use of cryptocurrencies such as Bitcoin also makes it easier for attackers to conceal their identities, as opposed to asking victims to transfer funds to a traceable account. “The business model is working so well on Windows that, when they had an opportunity to do so on Mac, they did it,” Olson said. “It’s been effective to the tune of hundreds of millions of dollars a year.”

The new attack targeting Macs follows Apple’s recent tussle with the US government, which is seeking help from the company to decrypt information on a terrorist’s iPhone.

Apple is pushing back, saying that it needs to keep strengthening the security of its devices to protect customers even it means rebuffing a criminal investigation.

We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For only R75 per month, you have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today.
Subscribe to News24
Rand - Dollar
Rand - Pound
Rand - Euro
Rand - Aus dollar
Rand - Yen
Brent Crude
Top 40
All Share
Resource 10
Industrial 25
Financial 15
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Voting Booth
What potential restrictions on unvaccinated South Africans may make the biggest difference to public health, the economy?
Please select an option Oops! Something went wrong, please try again later.
Limited access to restaurants and bars
11% - 128 votes
Limited access to shopping centres
15% - 171 votes
Limited access to live events, including sport matches and festivals
26% - 302 votes
Workplace vaccine mandates
48% - 562 votes