The OS X ransomware likely infected less than 7,000 systems
KeRanger, the first functional OS X ransomware ever detected in the wild, probably didn't do a lot of damage.
Discovered March 4 in a version of the BitTorrent client Transmission, the KeRanger malware infects the host machine, encrypts some of its contents, and asks for bitcoins in exchange of decrypting the owner's data.
You May Also Like
Now, Forbes reports that the malware's impact was relatively low. The outlet spoke to Transmission's John Clay, who shed some light on how the Transmission software got infected with KeRanger and how many users downloaded that version.
According to Clay, the Transmission site's main server was compromised, and though he did not disclose details about the attack, he said security has been increased since.
More importantly, according to Clay's estimate, only around 6,500 users downloaded the infected version of Transmission. And since Apple quickly revoked the digital certificate needed to install the file, many of those users who downloaded the infected version of Transmission were probably unable to install it.
In comparison, the Cryptolocker malware, which attacks Windows computers, infected hundreds of thousands of computers; one 2014 study showed that 3.4% of all UK computer users have been affected.
Mashable asked Apple for comment, but the company would not give any details beyond the fact that, over the weekend, it revoked the certificate allowing the malware to install on Mac systems.
The infected version of Transmission was replaced with a new version, 2.92, which removes the malware from the computer if it finds it.
Discovered by security company Palo Alto Networks, KeRanger is the first OS X ransomware that actually managed to do some damage; a malware called FileCoder was discovered by Kaspersky Lab in 2014, but it was incomplete at the time. It's definitely a wake up call for Apple users, especially since KeRanger also attempts to encrypt Time Machine backup files, meaning that the simple tactics of backing up your files might not be enough to protect your data. According to Palo Alto Networks, the malware appears to be under "active development," meaning this might not be the last we've heard of it.
Have something to add to this story? Share it in the comments.
Topics Apple
Stan is a Senior Editor at Mashable, where he has worked since 2007. He's got more battery-powered gadgets and band t-shirts than you. He writes about the next groundbreaking thing. Typically, this is a phone, a coin, or a car. His ultimate goal is to know something about everything.
