There’s a new virus that holds your Mac for ransom, and it’s terrifying

When we think of ransoms, we typically think of handwritten notes made with cut-out letters from old newspapers, right? But if you’re an owner of a Mac computer using OS X, you might want to think twice about updating your security measures – because you could be held ransom by the scary power of a new virus that locks your computer data via encryption, then demands a £280 (that’s about 400 U.S. dollars) ransom to unlock it.

According to Palo Alto Networks researchers, the virus – which researchers have dubbed “KeRanger”– is thought to be the first of its type (“ransomware”) to target Mac computers.

“This is the first one in the wild that is definitely functional, encrypts your files, and seeks a ransom,” Palo Alto Threat Intelligence Director Olson told

According to a blog posted by Palo Alto researchers yesterday, the virus has been passed through the file-sharing program Transmission, version 2.90, which was infected the morning of Friday, March 4. Though they are unable to confirm exactly how the infection occurred, they note that Transmission’s actual website could have been compromised as well.

The blog goes on to state that, after discovering the ransomware was able to override a valid digital security certificate from an Apple developer, “Apple has since revoked the abused (digital) certificate and updated XProtect antivirus signature, and Transmission Project has removed the malicious installers from its website. Palo Alto Networks has also updated URL filtering and Threat Prevention to stop KeRanger from impacting systems.”

In a nutshell, if you’re a Mac user who doesn’t have Transmission installed, you should be okay – and the powers that be are working diligently to ensure no more Mac users are infected. But if you’ve downloaded any version of Transmission and/or suspect you may have an infected computer, see the “How to Protect Yourself” section of the Palo Alto Networks blog post here. And in the meantime, be careful out there!

Filed Under