Over the weekend the first known Mac ransomware case was discovered, in the popular BitTorrent client Transmission. Users installing the compromised version found their hard drives encrypted by the “KeRanger” malware, locking them out unless they paid hackers to recover their data.
Apple quickly shut down the ransomware by revoking the app’s “abused certificate” used in the attack, confirming it yesterday to TechCrunch. Hackers compromised Transmission’s main server and replaced the install disk image with the malware version, which bypassed Apple’s Gatekeeper security by using a valid Mac app development certificate.
Transmission representative John Clay told Reuters “We’re not commenting on the avenue of attack, other than to say that it was our main server that was compromised,” adding “The normal disk image (was) replaced by the compromised one.”
The company notes that roughly 6,500 people downloaded affected versions of Transmission and that “security on the server has since been increased”. It remains in “frequent contact” with Apple and with Palo Alto Networks, the security company that first discovered the ransomware.
Ransomware is scary stuff, and this case is a reminder to always back up your data in case a similar situation ever occurs.