Slashdot Mirror


Apple Has Shut Down the First Fully-Functional Mac OS X Ransomware (techcrunch.com)

An anonymous reader writes: Apple has shut down what appears to have been the first, fully-functional ransomware targeting Mac computers. This particular form of cyber threat involves malware that encrypts the data on your personal computer so you can no longer access it. Afterwards, the hackers request that you pay them in a hard-to-trace digital currency — in this case, bitcoin — in order for you to retrieve your files. This ransomware, called KeRanger, was first reported by researchers at Palo Alto Networks. They also noted that Apple has now revoked the abused certificate that was used in the attack and updated its built-in anti-malware system XProtect with a new signature to protect customers.

6 of 124 comments

  1. How do you proceed if you've been infected? by nyquil superstar · Score: 4, Interesting

    So if you've already been infected and locked, this seems like it would shut down any avenue of unlocking your files. Maybe there aren't already people actively locked, but this seems like it would be a problem. Anyone know any more?

  2. That was fast by Sir Holo · Score: 3, Interesting

    Well, that was fast. One day.

    Sure, it's not a system patch but a certificate revocation, but still a responsibly swift resolution.

    BTW, it was a malware Trojan, likely a double-Trojan, injected between the unwitting developer and the unwitting downloader, using the compromised certificate. Whether in transit if http downloaded, or by some other exploit, I dunno. Those more expert than me can answer that one.

    It was not a virus. It was a Trojan inserted by a third party. I understand that it (probably) affected Linux and Windows as well. Please, everyone, just use proper terminology. It aids discussion.

  3. Re:so much for the walled garden by ComputerGeek01 · Score: 5, Interesting

    Microsoft should adopt the same model, but it would require a herculean effort to get their products up to the same standard of quality.

    What, you mean authenticating applications based on a central certification authority? Kind of like what this does: https://msdn.microsoft.com/en-... . Or maybe you mean not allowing the installation of any applications that don't possess a preapproved certificate, in THAT case what you want is this feature over here: https://msdn.microsoft.com/en-... . God forbid you would have to learn how to manage your own certificate chains, after all the documentation is so difficult to find: https://msdn.microsoft.com/en-... . The only thing missing is the paywall, which isn't really missing since you can pay for a third party authority to verify your certificate. But as we can see by the premise of this article that isn't actually a deterrent, is it?

    The difference between Microsoft and Apple is the same as it has always been. Apple forces you to follow their policies, Microsoft forces you to live with the consequences of the policies you wrote yourself.

  4. Re: So who decrypts your files for you? by Wycliffe · Score: 4, Interesting

    Right, because our collective mothers and grandmothers are thinking of, not to speak of capable of, doing anything other than what's already built in.

    I think there are plenty of apps that are user friendly enough for semi-literate computer users (grandmothers or otherwise). The big problem I see holding back offsite backups is the stingy upload speeds. The FASTEST upload speed I can currently get is 512k and it takes multiple calls to tech support to even find out what your upload speed is. The upload speed also barely changes, if at all, whether you go with the 1M package or the 10M package. Even if they just opened up the upload speed at night, this would help the average user have access to better online backups.

  5. Re: So who decrypts your files for you? by romanval · Score: 4, Interesting

    It tries but fails. Time Machine Backups are read-only to everyone except the backupd process (which runs as root). The malware doesn't run as admin.

  6. Precisely why I jumped ship from Windows to Mac by AnalogDiehard · Score: 5, Interesting

    Microsoft bows to Hollywood and the Feds while dragging its heels while users suffer from malware.

    Apple tells the Feds to take a hike and focuses its resources to kill a nasty ransomware within a day.

    Go Apple!

    --
    Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10