KeRanger Ransomware Affected Only 6,500 Mac Users

Ever since news broke of the first-ever ransomware threat targeting OS X, Apple computer users have been fervently scanning their machines for it, especially those using the Transmission BitTorrent client, the app through which the ransomware spread.


The cause of all this chaos was the hacking of the Transmission project's website, which resulted in the legitimate Mac client being replaced with one carrying the KeRanger ransomware.

The Transmission team was able to act in time and reports that only 6,500 users downloaded the infected binaries containing KeRanger.

KeRanger remover included in Transmission BitTorrent client for Mac 2.92

Transmission 2.90 was the infected version, and thanks to Palo Alto Networks, it was quickly detected and dissected. Apple was also quick to respond, seeding updates to its XProtect anti-malware suite to make sure most Mac users remain protected and unharmed by the ransomware threat.

The team at the Transmission project uploaded a clean version of their Mac client as version 2.91, which was replaced yesterday with 2.92, which includes a built-in KeRanger remover.

John Clay, the Transmission spokesperson who told Reuters that only 6,500 Mac users were exposed to this threat, has also said that the project has been in close contact with both Apple and Palo Alto. It appears that the three collaborated to mitigate this disaster for the Mac community, which had never faced such a dangerous ransomware infection until now.

There hasn't been any comment from John Clay regarding the reason behind the hacking of their website, but he said that it has been secured in the meantime.

KeRanger is a joke compared to ransomware damage on Windows

On Windows, there are thousands of ransomware victims every week, with some groups of hackers making millions in bounties per year. This incident, however, is no more than a drop in the ocean compared to what's truly going on in the cyber-crime underground.

Also, the KeRanger threat was designed to execute and lock files only after three days. This gave Apple a good amount of time to head off the situation where users' files got encrypted, bringing the overall KeRanger tally down to a much lower number.

So far, there hasn't been a single user report of a system lockdown or encrypted files due to KeRanger.