Apple Has Shut Down the First Fully-Functional Mac OS X Ransomware (techcrunch.com)
An anonymous reader writes: Apple has shut down what appears to have been the first, fully-functional ransomware targeting Mac computers. This particular form of cyber threat involves malware that encrypts the data on your personal computer so you can no longer access it. Afterwards, the hackers request that you pay them in a hard-to-trace digital currency — in this case, bitcoin — in order for you to retrieve your files. This ransomware, called KeRanger, was first reported by researchers at Palo Alto Networks. They also noted that Apple has now revoked the abused certificate that was used in the attack and updated its built-in anti-malware system XProtect with a new signature to protect customers.
I thought certs were going to protect us from this mess. It is nice that Apple yanked this cert, but what is to stop another cert from being bought and used to do the same damn thing?
Nothing. However, what's good to know is that I no longer have to worry about this one - and the turnaround was pretty quick. Assuming Apple can keep up with any threats like this (it's not like they don't have enough money to justify it), it's just like doing a regular bit of weeding in your garden.
Then you are a trusting idiot.
Certs don't protect you from malware, they just make it so the spread of malware can be more easily contained when detected (as shown here, the cert can be revoked and the app itself added to the big list o' malware), and give the user the best chance to avoid malware by showing you who wrote the thing you're downloading.
Apple could potentially protect against ransomware by writing the OS to refuse apps access to files outside their own little corner of the drive (I think iOS does this); then the app could only hold its own data hostage. But in this case that'd probably work somewhat well anyway, as the ransomware was packaged with a file sharing program. But that'd come with some negative usability constraints for apps in general.
Software developers invested this much effort in finding legitimate uses for Bitcoin? Crapware like this only helps to reinforce the notion that Bitcoin is only used by the criminal underground.
Well, actually it reinforces the purpose of anonymous transactions.
Let's not sit here and pretend that cash transactions (a.k.a. the other side of the coin) are somehow not heavily relied upon within the criminal community, and for the exact same reasons that bitcoin is.
Criminal activity will be a side effect of anonymous transactions no matter the medium. What should concern us more is when anonymous transactions are made 100% illegal, even for legitimate privacy reasons.
All very nice, I'm sure, but completely irrelevant. Ransomware is such a danger because it doesn't need to break any security or get elevated permissions, just attack the files to which the user has legitimate access.