Everything You Need to Know About Ransomware and Macs


You’ve likely heard of ransomware. It’s been around for a while now but has taken on a whole new degree of danger this year.

This form of malware infects your system, encrypts all your data and, as the name would suggest, holds it to ransom in exchange for a payment, sometimes a couple of hundred dollars’ worth of bitcoin.

For a long time this typically only affected Windows users but this week, cybersecurity firm Palo Alto Networks discovered the first known strain of OS X ransomware for Macs. The “KeRanger” malware was downloaded through an infected copy of BitTorrent file sharing software Transmission. It was allegedly downloaded more than 6,000 times before Apple and Transmission were able to patch things up.

This 6,000 figure is relatively small in the grand scheme of ransomware infections, compared to Windows and Android. Nevertheless, the advent of a Mac version of ransomware shows that this threat isn’t going away any time soon. As Vann Abernethy, CTO of a DDoS protection firm, told Help Net Security, Mac users will now have to become as wary of threats as Windows users have been for the last number of years.

The most high-profile ransomware case recently was at the Hollywood Presbyterian Medical Center hospital in Los Angeles. Likely thanks to an innocuous phishing email attachment, the ransomware was introduced to its network and encrypted valuable medical data for which there were no efficient backups; some patients even had to be moved to other facilities. Ultimately the hospital paid the $17,000 in bitcoin ransom that was being held over its head.

Similarly, a school district in South Carolina had no choice but to dig deep into its pockets and hand over $8,500 to get its files back. And in one of the more extreme examples, a county council in the UK was hit with a ransom for £1 million.

The Evolution of Ransomware

Ransomware has been morphing a great deal of late. Before, a piece of ransomware would just encrypt the files and send the demand to the victim. Lately it’s switched to using different languages to communicate with the victim, like the Cerber malware that supports 12 languages and purposefully avoids infecting computers in Eastern Europe.

CTB-Locker, another strain of the malware, goes after WordPress websites, encrypts their files and demands the website owner pays up.

On Monday, McAfee Labs reported on the recent growth of the Locky ransomware. This is the very malware that is believed to have infected the LA hospital network. The virus is “on the rampage,” according to security researchers, and has been spread through an infected Microsoft Word file, but lately, says McAfee Labs, it has shifted to using a bogus JavaScript file that you are lured into downloading.

These are the sorts of things that users need to keep an eye out for. Phishing emails are a classic yet still reliable method of infecting a system.

The only true remedy to ransomware, other than vigilance when it comes to attachments and the like, is to keep a secure backup. This sounds like a logical thing to do, but you’d be surprised by the number of people and organizations that don’t do it. A ransomware attack similar to the LA one, at a hospital in Germany in the last few weeks, was thwarted for the most part because the hospital had backups it could turn to.

Preparedness is key because targets almost seem random. A church in Oregon, not the first kind of target that springs to mind, recently paid $570 to unlock its files after an attack. Ransom demands are typically kept low for individuals and small businesses to increase the chances of someone actually paying, and it appears to be working. According to figures from the FBI, Cryptowall, a particular kind of ransomware, generated $18 million in revenue in 2014 and 2015.

The probable reason for this jump in ransomware activity is the ease of access to these hacking tools, according to a report from the Institute for Critical Infrastructure Technology.

“A trendy crypto ransomware sells for about $2000 on dark net forums. Locker ransomware probably costs less. This means that an attacker only needs to ransom eight everyday users (at the average $300) to generate a profit,” write the authors.

Ransomware is spreading. It may be taking on new forms, but your due diligence remains the same: staying cautious of email links and phishing websites, and maintaining backups of your data.