Mac Ransomware: A Brief Look At History
For years ransomware has been the bane for Windows, while Mac OS X has been under its radar. No longer this is the case as Mac OS X is been targeted by hackers as now. Infections like browser hijacker, adware, PUP are not new to Mac. But there is something more dangerous which is taking baby steps towards your Mac named Ransomware. Here we bring for a detailed information about what it is and how it affects your Mac.
What is a Ransomware?
It is a collection of malicious programs which surreptitiously slide into the computer, encrypts your personal files and ask ransom. Usually, victim is asked to pay in Bitcoin to get decryption key.
Also Read: How To Get Rid Of Malware On Mac
The Warning Bell
Rafael Salema Marques a Brazilian security researcher in 2015 demonstrated how ransomware can wreak havoc on Mac OS X. To prove this, he used a program written in C++ dubbed Mabouia and encrypted data which caused chaos. The malicious program runs on 32 rounds of XTEA block cipher and encrypts data leaving it inaccessible. Like real ransomware it generates a 128-bit private key, transmitting data to C2 server and asks for ransom to make data accessible. The researcher even added some alterations to the payment method by offering three modes of payment.
How is Mabouia executed?
The malicious code is sent out as an attachment in the email, which spreads infections once it’s downloaded and extracted. The code can also disguise into a missed delivery notification, a payroll or similar form of emails. It targets User files as special privileges are not required to make change to the data.
This example definitely raised suspicion as it was the first crypto malware which showed how Mac can be infected. But things were not taken serious the outcome of which was Keranger.
Things changed in 2016
Soon after the warning given by the researcher Mac machines witnessed real world ransomware. It emerged in early March 2016 and was dubbed Keranger.
Keranger ransomware used transmission downloader of a popular open source client BitTorrent to infect Mac OS X. Hackers succeeded in compromising the official web page and replaced the legit DMG file with the malicious one. Which resulted in infecting the Mac machine. Whosoever downloaded the malicious file became a victim.
How infection bypassed Mac security?
Hackers are smart to bypass Apple’s Gatekeeper they used valid Mac developer certificate to sign the malicious Keranger app. This made easy for the app to get into Mac. The infection sleeps for 3 days after the Mac is infected. Then, it searches the hard drive for predefined extensions, personal documents, images, videos and other important data. Once executed it then transmits all this data to a Control and Command server via Tor to get encryption key. This way the files are encrypted with 2049 bit RSA. The only way to unlock the data is by using the key that the hacker has. Victim then receives a README_FOR_DECRYPT. txt file with the instructions on how to get a decrypt key. To recover data victim is asked to pay 1 bitcoin (BTC) or around $400. As Bitcoin guarantees the secrecy of the transaction hackers prefer to get ransom in BTC.
Also Read: All about Ransomware Attacks in Mac
Development of the Ransomware Threat
It’s just tip of the iceberg other variants of Mac ransomware are on its way. You need to be more cautious. They can infect your machine in any form like browser locker or any other if not crypto ransomware. But they will surely cause havoc. The FBIPAK malware displays warning messages on Safari accusing them of illegal user activity. The page looks so genuine that anyone can be easily fooled. To resolve the issue, one has to reset Safari.
This all proves that no OS is 100% secure the only way to protect ourselves is by keeping our eyes open. Don’t rely on anything just be attentive don’t download anything for which you are not sure. Also keep backup of your data and don’t fall for any dubious tactics.