The Mac versus PC debate is often framed in the context of cyber security. Apple zealots attest that their computer darling's products are more secure than PCs, and while this is somewhat true, it doesn't actually reflect upon the integrity of the Cupertino company's cyber security. Most of the world's computers are still PCs, so hackers are much more likely to spend time and energy figuring out how to compromise them for gain. It's purely a numbers game.
Nevertheless, Apple products are increasingly ending up on cyber criminals' radar. In a pivotal moment in the company's long and illustrious history, OS X was recently hit with ransomware for the first time ever.
What is KeRanger malware, and how is it installed?
Discovered on March 5, KeRanger is a strain of encryption malware that, after being in the system for three days, encrypts a victim's files and demands a ransom in the form of 1 bitcoin. According to Trend Micro, the malware is installed via an open source file-sharing application called Transmission (version 2.90).
The hacker responsible for the malware is believed to have used a Mac app development certificate to get past Apple Gatekeeper, which is used to verify the legitimacy of applications. From here, the culprit was able to replace the authorized installer with an illegitimate version compiled with the malware.
In almost any other scenario, the rise of KeRanger would not have made much of a splash. However, the new encryption malware is indicative of several important trends. Firstly, it's a sign that Mac users are no longer immune to ransomware – if it happens once, it will most likely happen again, and next time it won't be quite so unprecedented. KeRanger, like any form of encryption malware, is also extremely effective in its methodology, which is why Trend Micro rated its damage potential as "critical." Once crypto malware infects a system, the user has few options: pay up, or say goodbye to their files and hopefully restore from their backup.
More importantly, KeRanger malware is reflective of just how rampant ransomware has become. According to the Online Trust Alliance, cyber extortion is on the rise. In fact, crypto malware has crippled four hospitals in the past two months, three in California and another in Kentucky. The scariest part, as pointed out by independent journalist Brian Krebs, is that ransomware is likely to only get worse, and as it does, hackers will get a better sense of just how much money they can extort their victims for.
KeRanger's ransom, for instance, is a little over $400, which a private Mac user might be willing to fork over to recover all of the files on a personal computer. In the case of the Hollywood Presbyterian Medical Center, however, a ransom of $17,000 was paid to lift the attack. The victims of the subsequent strings of ransomware (identified as Locky) did not have to pay the ransom, but this is hardly consolation considering these attacks are becoming more frequent, and have the potential to be so damaging.
The best way to fight the impending onslaught of ransomware is through vigilance (when downloading files, opening email attachments or enabling macros), a layered approach to cyber security and, most importantly, backing up your files on a regular basis. Mac or PC user, organization or individual, take these steps, and you avoid becoming the victim of cyber extortion.