Protect yourself from the first known ransomware for Mac.
As reported by Computerworld… “A new malware briefly flared in the Mac world this weekend but there’s only an extremely slim chance your Mac has been affected. Don’t panic at the inevitable hype: here’s how to protect yourself.
Start here: Do you use Transmission?
If you don’t, you’ll be fine.
The Transmission 2.9 BitTorrent client release was undermined by malware writers who inserted ‘KeRanger’ code that encrypts all your Mac’s files and then demands around $400 to unlock your data. It takes three days until the malware strikes, so if you are impacted, there’s probably still time.
Apple reacted swiftly. Within hours of the release an important Apple-provided security certificate was withdrawn by Cupertino and a new version of Transmission was made available that did not include the criminal code. Apple will doubtless be strenuously investigating how this code gained certification.
Meanwhile if you try to open a version of the application that is known to be infected you will be given a warning message saying either, “Transmission.app will damage your computer. You should move it to the Trash,” or, “Transmission can’t be opened. You should eject the disk image.”
What you can do
Infected files were downloaded after 7pm on Friday, and before 2am Sunday morning. If you think you may have been impacted by the bug, don’t panic, here is what you can do to protect yourself, courtesy of Palo Alto Networks.
Using either Terminal or Spotlight, check to see if either of these files exist:
/Volumes/Transmission/Transmission.app/Contents/Resources/General.rtf
If those files do exist you are using an infected version of Transmission and should delete the application once you have followed the next steps.
Launch Activity Monitor and search to see if a process called ‘kernel_service’ is running.
If kernel_service is running double click it in order to see more information about the process and then select the ‘Open Files and Ports’ pane to the right.
In Open Files and Ports check for a file name that should look like: ‘/Users/<username>/Library/kernel_service’. If this exists then you’ve found KeRanger’s main process.
Terminate the process using Quit > Force Quit.
You should now use Spotlight to find out if any of the following files exist in the ~/Library directory:
If you find them, delete them.
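The Terminal version of the checks above, as an added example that is not part of the Computerworld or Palo Alto Networks text: it looks only for the file path and the process name given on this page. The function names and the optional path-prefix argument (for inspecting a mounted backup instead of the live system) are assumptions of this example.

```shell
#!/bin/sh
# Added example: look for the KeRanger indicators named in the steps above.

# Print every indicator file that exists.
#   $1  prefix for absolute paths ("" for the live system, or the mount
#       point of a backup volume)
#   $2  home directory to inspect
keranger_files() {
    root="$1"
    home_dir="$2"
    for f in \
        "$root/Volumes/Transmission/Transmission.app/Contents/Resources/General.rtf" \
        "$home_dir/Library/kernel_service"
    do
        [ -e "$f" ] && printf 'file: %s\n' "$f"
    done
    return 0
}

# Read a process list on stdin (one command name or path per line, as printed
# by "ps -A -o comm=") and print the entries whose executable is named exactly
# kernel_service. Matching the last path component exactly avoids flagging
# legitimate macOS processes with similar names, such as kernel_task.
keranger_procs() {
    awk -F/ '$NF == "kernel_service" { print "process: " $0 }'
}

# Run both checks against the live system and summarise.
hits=$(
    keranger_files "" "${HOME:-/}"
    ps -A -o comm= 2>/dev/null | keranger_procs
)
if [ -n "$hits" ]; then
    printf '%s\n' "$hits"
    echo "KeRanger indicators found: follow the removal steps above."
else
    echo "None of the KeRanger indicators listed on this page were found."
fi
```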
If you’re not sure about removal, or if you have Ransomware, contact your MacMyDay tech support.