BY JIM FINKLE
Apple Inc (AAPL.O) customers were targeted by hackers over the weekend in the first campaign against Macintosh computers using a pernicious type of software known as ransomware, researchers with Palo Alto Networks Inc (PANW.N) told Reuters on Sunday.
Ransomware, one of the fastest-growing types of cyber threats, encrypts data on infected machines, then typically asks users to pay ransoms in hard-to-trace digital currencies to get an electronic key so they can retrieve their data.
Security experts estimate that ransoms total hundreds of millions of dollars a year from such cyber criminals, who typically target users of Microsoft Corp's (MSFT.O) Windows operating system.
Palo Alto Threat Intelligence Director Ryan Olson said the "KeRanger" malware, which appeared on Friday, was the first functioning ransomware attacking Apple's Mac computers.
"This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom," Olson said in a telephone interview.
Hackers infected Macs through a tainted copy of a popular program known as Transmission, which is used to transfer data through the BitTorrent peer-to-peer file sharing network, Palo Alto said on a blog posted on Sunday afternoon.
When users downloaded version 2.90 of Transmission, which was released on Friday, their Macs were infected with the ransomware, the blog said.
An Apple representative said the company had taken steps over the weekend to prevent further infections by revoking a digital certificate that enabled the rogue software to install on Macs. The representative declined to provide other details.
Transmission responded by removing the malicious version of its software from its website (www.transmissionbt.com). On Sunday it released a version that its website said automatically removes the ransomware from infected Macs.
The website advised Transmission users to immediately install the new update, version 2.92, if they suspected they might be infected.
Palo Alto said on its blog that KeRanger is programmed to stay quiet for three days after infecting a computer, then connect to the attacker's server and start encrypting files so they cannot be accessed.
After encryption is completed, KeRanger demands a ransom of 1 bitcoin, or about $400, the blog said. (bit.ly/1Rvroxv)
Olson, the Palo Alto threat intelligence director, said that the victims whose machines were compromised but not cleaned up could start losing access to data on Monday, which is three days after the virus was loaded onto Transmission's site.
Representatives with Transmission could not be reached for comment.