Users of BitTorrent client app Transmission became the first reported victims of Mac ransomware this week. People who downloaded infected versions of the app also received “KeRanger” malware, 9to5Mac says, nefarious software that would encrypt a user’s hard drive three days after being installed and demand payment to unlock the data.
Ransomware has hit headlines in recent months — one LA hospital had to pay $17,000 to an unknown group to regain control of its computer systems in February — but Transmission’s infection marks the first time a fully functional form of this specific type of malware has been reported on OS X. Palo Alto Networks notes only one other piece of ransomware for Apple’s OS, an unfinished bit of software known as FileCoder, spotted by Kaspersky Labs in 2014 and never widely deployed.
Apple has made it so the infected app now won’t install
Apple moved swiftly to control the ransomware after it was first informed about the issue on March 4th, revoking the certificate it uses, and making it so the infected app will no longer install. The Transmission Project, which makes the open-source app, has also released a new, clean version of its software, and has recommended users upgrade as soon as possible. In the meantime, for those unlucky enough to be hit by a world-first, security experts suggest restoring a Mac system backup from before you were infected.