
Key takeaways from the rise of KeRanger malware

  • Posted on: March 27, 2016
  • Posted in: Industry News
  • Posted by: Noah Gamer
Ransomware strikes Macs for the first time.

The Mac versus PC debate is often framed in the context of cyber security. Apple zealots attest that their computer darling's products are more secure than PCs, and while this is somewhat true, it doesn't actually reflect upon the integrity of the Cupertino company's cyber security. Most of the world's computers are still PCs, so hackers are much more likely to spend time and energy figuring out how to compromise them for gain. It's purely a numbers game.

Nevertheless, Apple products are increasingly ending up on cyber criminals' radar. In a pivotal moment in the company's long and illustrious history, OS X was recently hit with ransomware for the first time ever.

What is KeRanger malware, and how is it installed?

Discovered on March 5, KeRanger is a strain of encryption malware that, after being in the system for three days, encrypts a victim's files and demands a ransom in the form of 1 bitcoin. According to Trend Micro, the malware is installed via an open source file-sharing application called Transmission (version 2.90).

The hacker responsible for the malware is believed to have used a Mac app development certificate to get past Apple Gatekeeper, which is used to verify the legitimacy of applications. From here, the culprit was able to replace the authorized installer with an illegitimate version compiled with the malware.

Far-reaching implications

In almost any other scenario, the rise of KeRanger would not have made much of a splash. However, the new encryption malware is indicative of several important trends. Firstly, it's a sign that Mac users are no longer immune to ransomware – if it happens once, it will most likely happen again, and next time it won't be quite so unprecedented. KeRanger, like any form of encryption malware, is also extremely effective in its methodology, which is why Trend Micro rated its damage potential as "critical." Once crypto malware infects a system, the user has few options: pay up, or say goodbye to their files and hope to restore from a backup.

More importantly, KeRanger malware is reflective of just how rampant ransomware has become. According to the Online Trust Alliance, cyber extortion is on the rise. In fact, crypto malware has crippled four hospitals in the past two months, three in California and another in Kentucky. The scariest part, as pointed out by independent journalist Brian Krebs, is that ransomware is likely to only get worse, and as it does, hackers will get a better sense of just how much money they can extort their victims for.

KeRanger's ransom, for instance, is a little over $400, which a private Mac user might be willing to fork over to recover all of the files on a personal computer. In the case of the Hollywood Presbyterian Medical Center, however, a ransom of $17,000 was paid to lift the attack. The victims of the subsequent string of ransomware attacks (identified as Locky) did not have to pay the ransom, but this is hardly consolation considering these attacks are becoming more frequent, and have the potential to be so damaging.

The best way to fight the impending onslaught of ransomware is through vigilance (when downloading files, opening email attachments or enabling macros), a layered approach to cyber security and, most importantly, backing up your files on a regular basis. Mac or PC user, organization or individual, take these steps, and you avoid becoming the victim of cyber extortion.
