Transmission Beefs Up Security, Mac Ransomware Downloaded ‘Only’ 6,500 Times


Over the weekend the first known Mac ransomware case was discovered, in the popular BitTorrent client Transmission. Users installing the compromised version found their hard drives encrypted by the “KeRanger” malware, locking them out unless they paid hackers to recover their data.

Apple quickly shut down the ransomware by revoking the app’s “abused certificate” used in the attack, confirming it yesterday to TechCrunch. After compromising Transmission’s main server, the hackers replaced the install disk image with the malware version, which was able to bypass Apple’s Gatekeeper security by using a valid Mac app development certificate.

Transmission representative John Clay told Reuters “We’re not commenting on the avenue of attack, other than to say that it was our main server that was compromised,” adding “The normal disk image (was) replaced by the compromised one.”

The company notes roughly 6,500 people downloaded affected versions of Transmission and that “security on the server has since been increased”, while they continue to be in “frequent contact” with Apple and Palo Alto Networks, the latter being the security company that first discovered the ransomware.

Ransomware is scary stuff, and this case is a reminder to always back up your data in case a similar situation ever occurs.


  • Nick

    In a situation like this, would the password the hard drive is encrypted with be the same for every infected computer? In that case, one person could pay the ransom and share the password with every other infected user. Or even better, someone could analyze the virus and figure out what the password is. If it’s unique to each computer maybe a keygen could be created.

  • Not only is it unique to each computer, it’s unique to each file that’s encrypted. It would be impossible to decrypt using today’s technology.