Apple computers have been infected with a malware program demanding 1 BTC as a ransom for retrieving data. Hackers used a BitTorrent file sharing network app to bypass protection and insert the virus.
The information about the attack comes from California-based network security provider Palo Alto Networks. The virus, called KeRanger, is the first fully functional ransomware seen on the OS X platform, the company's blog post reads. Its only predecessor, FileCoder, discovered by Kaspersky Lab in 2014, was incomplete at the time of its release.
After being planted, the malicious application waits through a three-day ‘incubation period’, then connects to the attackers' server and starts encrypting files. Victims are asked to pay 1 BTC as a ransom for an electronic key to retrieve their data, Palo Alto Networks Intelligence Director Ryan Olson told Reuters.
Attackers used a modified version of Transmission, a BitTorrent client, signed with a valid Mac app development certificate. This enabled KeRanger to penetrate protected OS X systems. Version 2.90 of Transmission was released on 4 March and is believed to have been replaced with the malicious program on the same day.
Over the weekend, Apple revoked the digital certificate of Transmission to prevent further infections, the company's representative told Reuters, giving no further details. Transmission removed the infected version and replaced it with another build, 2.92, which is claimed to automatically delete malware-infected files after installation. Transmission calls on users running version 2.90 to update immediately.
Bitcoin-related ransomware attacks are growing both in scale and number. In February, the Hollywood Presbyterian Medical Center was attacked by hackers who demanded 50 bitcoins ($17,000) as a ransom. The hospital decided to pay the money to get its system restored.
Elena Platonova