How To Stop KeRanger Ransomware, Because This Scary Program Could Hold Your Files Ransom

Imagine you turn on your computer and it asks you for $400 to boot up. Your pictures, work, applications, and files of all sorts are lost unless you cough up the cash. Does that sound like highway robbery? It's actually more like a ransom. And that's exactly what will happen should you find yourself infected with the new ransomware targeting Apple computers called "KeRanger." It takes all of a target's files and encrypts them. To decrypt and unlock your files you have to pay one bitcoin — about $405. You can protect yourself from such attacks, though.

Ransomware, as this particular type of malware is called, began to affect a larger number of users in 2013, and Palo Alto Networks, a computer security firm, says that it's one of the top threats in 2016. The firm warned of this particular version on its blog on Friday. It's the first such program to successfully attack the Apple operating system OS X. All others had been caught before being released to the public. That said, this iteration shouldn't affect many users. You can only get it by downloading the Transmission BitTorrent client, one of the most popular applications used to download games, movies, music, and other media.

How To Stop It

If you don't have Transmission installed, you should be fine. The application's download files have been replaced with updated, safe versions. Palo Alto said that since the program is open-source, the website could have been compromised and the files replaced; how that happened remains unknown, though. In any case, the ransomware files have since been removed. You should only have trouble if you currently have Transmission on your computer. Bustle has reached out to Transmission for comment, but hasn't heard back.

Specifically, watch out if you have version 2.90 of Transmission running. That's allegedly the infected version. Mashable recommends that you check the Activity Monitor and see if "kernel_service" is running. That would be a sign that you're infected. If you are running 2.90, you can quickly update to version 2.92. Doing so will remove the infected files, and you should be in the clear. Time Machine backups are also at risk, as the software seems to be under development and working on a way to encrypt them too, if connected.

Going Forward

Palo Alto also reports that Apple has explained that the certificate allowing the infected versions of Transmission to be installed has been revoked. Normally, software cannot be installed or opened without a warning unless it has a trusted developer certificate, which Apple provides. We've reached out to Apple for comment, but haven't heard back.

Until now, Mac OS X has avoided these types of attacks, which usually target Windows-based machines. Palo Alto Threat Intelligence Director Ryan Olson told Reuters in a phone interview that this is the first case out "in the wild that is definitely functional."

Prior attempts by cyber criminals had been caught before being released. Make sure you only download applications from sites and companies that you trust.