Mac KeRanger Turns Out to be Major Lightweight Compared to Windows Ransomware

When Apple Mac computers were hit with their very first version of a Ransomware threat, everyone was up in arms as if it were the end of the world for a secure OS X system. As it turns out, KeRanger, the ransomware threat that targeted Mac computers through a tainted version of the Transmission application, only infected about 6,500 computers.

As we have said before, Mac OS X is not nearly as targeted by cybercrooks and hackers as Windows PCs. The recent debacle with KeRanger coming onto the Apple Mac computer scene as the very first ransomware threat for OS X put everyone using such systems into a panic mode. Fortunately for them, the panic was unnecessary, and the KeRanger Ransomware threat turned out to be somewhat of a dud.

Looking into what exactly took place for ransomware to end up on Mac computers in the first place brings us to the fact that the Transmission project's website was hacked. From there, Transmission version 2.90 was exploited to carry the KeRanger ransomware threat and then infect any Mac computer that ran the contaminated software.

Thanks to the work of Palo Alto Networks, KeRanger was exposed and quickly addressed with an updated version of the Transmission (2.92) application, which assisted many of the 6,500 Mac computer users exposed the ransomware with removal. John Clay, a spokesperson from Transmission, explained to Reuters that only 6,500 Mac computer users were exposed to the ransomware threat. After the limited-number outbreak of KeRanger, Apple and Palo Alto Networks were in close contact with Transmission, which later nipped the outbreak of the ransomware in the bud.

Compared to ransomware threats that have propagated on Windows PCs as of late, KeRanger is a complete lightweight that doesn't even start to compare. Even though KeRanger would lock up files on infected Mac computers, it would have a three-day delay in doing so, which would inevitably allow computer users to successfully remove the threat without harm to their files or stored data. Such a luxury is not permitted when it comes to recent Windows PC ransomware threats, such as CryptoWall and CryptoLocker, which instantly start to encrypt files upon infection of a Windows computer.

As far as how the Transmission website was hacked in the first place, which infected their software in its version 2.90 state, the reasons have not be revealed as of yet.

It is quite possible that the reasons for hackers attacking the Transmission website to later flood Mac computers with ransomware is the root of an issue that we should all take a closer look. Until there is a definitive reason behind the spread and attack of KeRanger, we won't know how to prepare or accept the next Mac ransomware threat, which is inevitable.