Researchers uncover first ransomware targeting Apple Mac users

Cyberattackers targeted Apple users over the weekend with the first known ransomware written specifically for Apple software, according to security firm Palo Alto Networks.   

Ransomware is a fast-growing threat that encrypts data on infected machines and demands that users pay a ransom in digital currencies, such as Bitcoin, to receive an electronic key so they can retrieve their data.

The most high-profile ransomware attack happened just last month when attackers struck Hollywood Presbyterian Medical Center and held its data hostage, effectively reverting the hospital back to a pre-digital state in which employees used paper records and fax machines.

While most pieces of ransomware target Windows operating systems, in this new case hackers attacked Macs through a tainted copy of a program known as Transmission, which can transfer data via the BitTorrent peer-to-peer file sharing network, Palo Alto Networks explained. Any Mac users that downloaded version 2.90 of Transmission, released on Friday, were infected with the ransomware.

"On March 4, we detected that the Transmission BitTorrent client installer for OS X was infected with ransomware, just a few hours after installers were initially posted," Palo Alto Networks said on its site. "We have named this Ransomware KeRanger."

Transmission responded by removing the malicious version of its software from its website and . on Sunday it released a version that it claims automatically removes the ransomware from infected Macs. Transmission users were advised to immediately install the new update, version 2.92, if they suspected they might be infected.

KeRanger is programmed to stay quiet for three days after infecting a computer, then connect to the attacker's command and control servers to start encrypting files so they cannot be accessed, Palo Alto Networks added.

"The malware then begins encrypting certain types of document and data files on the system," the company said. "After completing the encryption process, KeRanger demands that victims pay one bitcoin (about $400) to a specific address to retrieve their files."

If paying the ransom seems far-fetched, hospital executives should know that's exactly what Hollywood Presbyterian was forced to do when they settled for a $17,000 ransom.