KeRanger Ransomware Hits OS X: Preserve Your Network Security

Apple’s OS X is known as one of the most secure operating systems around. But most network security experts will tell you that this reputation has more to do with less malware targeting Apple systems than with the security of the system itself. The fact is, the majority of business users are on either Linux or Windows operating systems. Hackers just don’t have much pay dirt when it comes to Apple.

A New Generation of Hackers Targets Apple

But as more users, particularly businesses, migrate to Apple (for a variety of reasons), more malware can be expected to be designed to target OS X. Case in point, an all-new piece of ransomware called KeRanger has officially hit. KeRanger is capable of bypassing Apple’s Gatekeeper security system using a signed and valid Mac app development certificate.

What Ransomware Is

Ransomware is a very particular type of malware that works behind the scenes to either encrypt or steal and corrupt the files on a system. The user typically knows nothing until (s)he receives a warning that the data has been encrypted or corrupted, and the only way to restore their data is to pay a ransom — hence, the name ‘ransomware’. Most often, the data is deleted or made unusable, although in some cases the attackers may threaten something different, such as making the data public. For example, hackers could threaten to publish a company’s proprietary secrets or a list of their customers and their customers’ confidential data.

How OS X Ransomware Works

The KeRanger ransomware takes three days to do its dirty work. After infecting an OS X system, it begins silently encrypting files. After the three-day period is up, the ransomware demands that the computer’s owner or user pay one bitcoin (which is worth about $400 in cash) in order to free the now encrypted and inaccessible files.

In some cases, computers that are backed up can be restored from those backups, effectively sidestepping the KeRanger ransomware. However, this requires that the backups are not constantly connected to the system, because the ransomware is capable of infiltrating backups that are continually or sporadically connected to the OS X system.

Apple has, of course, withdrawn the certificate that was exploited by KeRanger, and the XProtect antivirus has been updated to reflect the newly discovered malware. This Mac malware was designed to exploit users who log into systems using admin or other highly privileged accounts, and use those accounts to download free material from sources that are unknown. KeRanger was able to bypass Gatekeeper’s check by using a legitimate developer certificate.

According to security experts, incidents of malware designed to target OS X, such as ransomware, are on the rise. It is now time for Mac users to begin using the same network security protective measures that Windows and Linux users have been accustomed to using for many years.

Don’t wait until a hacker homes in on your network or computers. Contact the security experts at Turn-Key Technologies to request a quote today.

By Craig Badrick

04.22.2016
