
Key takeaways from the rise of KeRanger malware

  • Posted on: March 27, 2016
  • Posted in: Industry News
  • Posted by: Noah Gamer
Ransomware strikes Macs for the first time.

The Mac versus PC debate is often framed in the context of cyber security. Apple zealots attest that their computer darling's products are more secure than PCs, and while this is somewhat true, it doesn't actually reflect upon the integrity of the Cupertino company's cyber security. Most of the world's computers are still PCs, so hackers are much more likely to spend time and energy figuring out how to compromise them for gain. It's purely a numbers game.

Nevertheless, Apple products are increasingly ending up on cyber criminals' radar. In a pivotal moment in the company's long and illustrious history, OS X was recently hit with ransomware for the first time ever.

What is KeRanger malware, and how is it installed?

Discovered on March 5, KeRanger is a strain of encryption malware that, after being in the system for three days, encrypts a victim's files and demands a ransom in the form of 1 bitcoin. According to Trend Micro, the malware is installed via an open source file-sharing application called Transmission (version 2.90).

The hacker responsible for the malware is believed to have used a Mac app development certificate to get past Apple Gatekeeper, which is used to verify the legitimacy of applications. From here, the culprit was able to replace the authorized installer with an illegitimate version compiled with the malware.
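Because a valid developer certificate is enough to satisfy Gatekeeper, a defender can additionally pin the expected publisher for each application. The following is an added example, not code from the original post or from Trend Micro: it parses output in the format of `codesign -dv --verbose=4` and compares the signer's Team ID with an allowlist. The bundle identifier, developer names, Team IDs and the allowlist are constructed placeholders.

```python
import re

# Constructed sample in the format of `codesign -dv --verbose=4 <App>` output.
# All names and Team IDs are placeholders, not values from the incident.
SAMPLE_EXPECTED = """\
Executable=/Applications/Transmission.app/Contents/MacOS/Transmission
Identifier=org.example.Transmission
Format=app bundle with Mach-O thin (x86_64)
Authority=Developer ID Application: Example Project Maintainer (AAAAAAAAAA)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=AAAAAAAAAA
"""
# Same app identifier, signed with a different but equally valid-looking chain.
SAMPLE_UNEXPECTED = (SAMPLE_EXPECTED
                     .replace("Example Project Maintainer", "Unrelated Developer")
                     .replace("AAAAAAAAAA", "BBBBBBBBBB"))

# Hypothetical allowlist: bundle identifier -> Team ID the publisher is known to use.
PINNED = {"org.example.Transmission": "AAAAAAAAAA"}

def parse_codesign(text):
    """Turn KEY=VALUE lines into a dict; Authority repeats, so keep it as a list."""
    info = {"Authority": []}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if key == "Authority":
            info["Authority"].append(value)
        else:
            info[key] = value
    return info

def check_publisher(text, pinned=PINNED):
    """Return 'ok' only when the signer is the pinned publisher for this app."""
    info = parse_codesign(text)
    ident, team = info.get("Identifier"), info.get("TeamIdentifier")
    if ident not in pinned:
        return "unknown-app"
    if team in (None, "not set"):      # ad-hoc or missing signature
        return "unsigned"
    leaf = info["Authority"][0] if info["Authority"] else ""
    m = re.search(r"\(([A-Z0-9]{10})\)$", leaf)   # Team ID in the leaf certificate name
    if team != pinned[ident] or not m or m.group(1) != team:
        return "publisher-mismatch"    # a valid chain, but not the expected developer
    return "ok"
```

Both samples carry a complete Developer ID chain; only the pin distinguishes the expected publisher from any other certificate holder.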

Far-reaching implications

In almost any other scenario, the rise of KeRanger would not have made much of a splash. However, the new encryption malware is indicative of several important trends. Firstly, it's a sign that Mac users are no longer immune to ransomware – if it happens once, it will most likely happen again, and next time it won't be quite so unprecedented. KeRanger, like any form of encryption malware, is also extremely effective in its methodology, which is why Trend Micro rated its damage potential as "critical." Once crypto malware infects a system, the user has few options but to pay up, say goodbye to their files and hopefully restore their backup.

More importantly, KeRanger malware is reflective of just how rampant ransomware has become. According to the Online Trust Alliance, cyber extortion is on the rise. In fact, crypto malware has crippled four hospitals in the past two months, three in California and another in Kentucky. The scariest part, as pointed out by independent journalist Brian Krebs, is that ransomware is likely to only get worse, and as it does, hackers will get a better sense of just how much money they can extort their victims for.

KeRanger's ransom, for instance, is a little over $400, which a private Mac user might be willing to fork over to recover all of the files on a personal computer. In the case of the Hollywood Presbyterian Medical Center, however, a ransom of $17,000 was paid to lift the attack. The targets of the subsequent strings of ransomware (identified as Locky) did not have to pay the ransom, but this is hardly consolation considering these attacks are becoming more frequent, and have the potential to be so damaging.

The best way to fight the impending onslaught of ransomware is through vigilance – when downloading files, opening email attachments or enabling macros – a layered approach to cyber security and, most importantly, backing up your files on a regular basis. Mac or PC user, organization or individual, take these steps, and you avoid becoming the victim of cyber extortion.
