Among the iPhone-loving, Mac-toting public, Apple has long clung to its reputation for superior malware resistance. Yet, as their popularity increased, Apple products became more enticing targets for malware creators. Within the last 10 years, malware designed for OSX and iOS has increased exponentially; in fact, in 2015, there was more Mac malware floating around than experts had seen in the previous five years combined.
Observing this pattern, few should be surprised to learn that ransomware is becoming increasingly dangerous to Apple tech. Last March, experts found the first evidence of ransomware that could beat Mac’s legendary defenses, and since then, several more examples of Apple-specific ransomware have been found. The time when Apple users could ignore malware warnings has passed; now every Mac and iPhone user must learn about the dangers of the newest and most insidious malware, ransomware, and protect themselves against its attacks.
KeRanger and the First Mac Ransomware
On March 6, 2016, researchers discovered a frightening corruption in a third-party torrent installer called Transmission. Equipped with a valid Mac app development certificate, the malware could bypass Apple’s Gatekeeper protection. This malware was named KeRanger.
KeRanger remained dormant for three days, just long enough for users to wonder how the malware infiltrated their systems. Then it launched into action, connecting with a command server and encrypting nearly all the device’s data, starting with files in /Users and /Volumes and any with the most popular file extensions: .doc and .docx, .jpg and .jpeg, .mp3, .wav, .flac, .zip, .rar, .db, .eml, and dozens more. Finally, it sent users a ReadMe file, instructing them to pay one bitcoin (which equated to over $400 at the time) or never see their data again.
Since then, KeRanger has been added to Apple’s XProtect anti-malware definitions, but experts and Apple users continue to reel from the news of its discovery. Ransomware has existed for Windows devices for some years now, but KeRanger marked the first complete, in-the-wild case of ransomware designed for Mac use. It’s distressing that the malware infiltrated users’ computers through an otherwise legitimate third-party website, and it isn’t inconceivable that other hackers will use the same tactic in the future. Though KeRanger stands alone as the only successful Mac ransomware, most experts believe it is a chilling example of the Mac malware to come.
Plus, ransomware is becoming more popular on iOS devices, as well. Though the iOS examples are still quite rudimentary (hardly locking the device and easily removed by users), it is likely that ransomware developers will follow in the footsteps of malware developers, like those who created the successful YiSpecter and Pegasus viruses. Soon, all Apple devices could suffer a storm of ransomware, which is why it is vital to know the strategies to conquer it.
Overcoming Apple Ransomware
First, it is vital that Apple users dispose of the misconception that their platform is safe from cyberattack. Though Windows has long claimed a greater share of malware threats, Apple’s increasing popularity (and its users’ lax attitude toward security) is making it a prime target for cyber criminals.
Plus, hackers are becoming more adept at developing malware that can function across platforms, maximizing their reach. The sooner OSX and iOS users admit their vulnerability, the better.
Secondly, Apple users should avoid succumbing to the temptation to pay the ransom. Though it might seem the simplest, fastest solution, shelling out won’t necessarily return any data. Though cybercriminals will be happy to take the cash, some won’t respond with promised encryption keys, and some encryption keys might not unlock any files ― especially if the ransomware was hastily or poorly developed. Paying the ransom only encourages cybercriminals to continue attacking users with more ransomware.
Strong defenses should be every user’s first step to avoiding and overcoming ransomware. Not all antimalware programs are designed to detect ransomware, which tends to operate differently from other malware. Therefore, users should find trustworthy consumer ransomware protection, which will frequently be updated to combat emerging ransomware threats. There are mobile anti-malware options, as well. Additionally, users should regularly back up their devices using iCloud or a physical drive.
Users who are already suffering due to ransomware should consider contacting Apple Support using official chat lines or numbers published online. Some ransomware masquerades as authorized security software, and speaking with a true Apple security expert will help users determine the severity of their situation. Some versions can be defeated, but others will make data inaccessible forever ― that’s ransomware.