Ransomware is a type of malicious software that is typically spread via a Trojan that contains a payload disguised as a legitimate file. Once installed on your computer, the ransomware starts encrypting your files, preventing you from accessing them. The hacker then demands a ransom in return for decrypting your files. So as a Mac user, just how worried should you be about ransomware?

In March 2016, you may have seen reports about “KeRanger,” which is believed to be the first fully functioning ransomware to find its way onto Macs. KeRanger was spread via an infected version of Transmission, an open source BitTorrent client. This particular version had been modified by a third party to include a General.rtf file, which turned out to be a malicious executable file masquerading as a rich-text document.

After sitting quietly on the user’s system for three days, KeRanger would suddenly start encrypting the victim’s files, leaving behind multiple “README_FOR_DECRYPT.txt” files containing details about how the malware’s author would hand over a decryption key in return for one bitcoin (roughly $400).

Macs are well-known for having numerous built-in security features, but KeRanger managed to slip through macOS’ defences as it was signed with a valid Mac developer certificate. Once KeRanger was identified as ransomware, Apple revoked the abused certificate and updated macOS’ XProtect mechanism to block this particular version of Transmission. While it’s comforting to know that Apple sprang into action as soon as the threat was discovered, Apple can only block malware that it knows about. And realistically, Apple is probably only going to discover a new threat after it’s started affecting Mac users. Mac ransomware is still pretty rare, which means it currently only poses a slight risk; however, if you are unlucky enough to be affected by malware, the consequences are serious. No-one wants to permanently lose access to their most important files! So what steps can you take to limit the chances of getting locked out of your own Mac?

Consider downloading some extra protection

While Macs do feature some built-in security features, there’s no such thing as too much security, so you may want to download software that’s designed to guard against ransomware specifically. One tool you may want to try is RansomWhere? Rather than protecting you against specific ransomware threats, RansomWhere? monitors your file system for any untrusted processes that suddenly start creating encrypted files, which is a telltale sign of ransomware activity. If RansomWhere? detects this kind of rapid encryption, it suspends the process responsible and presents the user with a dialogue containing the name of the process and a list of all the encrypted files it’s created. The user can then choose to terminate the process or, if the process has a legitimate reason for creating so many encrypted files, they can allow the process to continue running.

This tool does have a few limitations that you need to be aware of. Firstly, RansomWhere? can only spot ransomware after it starts encrypting files, which means you will lose access to a few files. Also, when you install RansomWhere? it whitelists every app that’s already present on your Mac, and automatically trusts all apps that are signed by Apple, which means it can’t detect ransomware that abuses a signed Apple binary.
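
An added example, not RansomWhere?'s own code: a minimal sketch of the behaviour this article describes for RansomWhere?, flagging untrusted processes that create several encrypted-looking files in quick succession. The entropy cutoff, time window, process names and sample events are assumptions constructed for illustration.

```python
import math
import os
from collections import Counter, defaultdict, deque

ENTROPY_BITS = 7.5   # assumed cutoff: bits per byte above which data looks encrypted
MAX_FILES = 3        # assumed: this many high-entropy files ...
WINDOW_SECS = 5.0    # ... within this many seconds raises an alert

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8 for ciphertext, far lower for plain text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def find_suspects(events, trusted):
    """events: (time, process, path, content) tuples, ordered by time.
    Returns {process: [paths]} for untrusted processes that wrote MAX_FILES
    high-entropy files inside WINDOW_SECS; the paths are what a prompt would list."""
    recent = defaultdict(deque)   # process -> (time, path) of recent high-entropy writes
    suspects = {}
    for ts, proc, path, content in events:
        if proc in trusted or proc in suspects:
            continue              # trusted apps are never inspected (the blind spot the article notes)
        if shannon_entropy(content) < ENTROPY_BITS:
            continue              # compressed data can also score high, hence the user prompt
        q = recent[proc]
        q.append((ts, path))
        while ts - q[0][0] > WINDOW_SECS:
            q.popleft()           # forget writes that fell out of the window
        if len(q) >= MAX_FILES:
            suspects[proc] = [p for _, p in q]   # a real monitor would suspend the process here
    return suspects

# Constructed sample events; os.urandom stands in for ciphertext.
TEXT = b"Quarterly report draft. " * 200
EVENTS = [
    (0.0, "editor", "/Users/a/notes.txt", TEXT),
    (1.0, "unknown_app", "/Users/a/1.doc.enc", os.urandom(4096)),
    (1.5, "signed_tool", "/Users/a/backup.bin", os.urandom(4096)),
    (2.0, "unknown_app", "/Users/a/2.doc.enc", os.urandom(4096)),
    (2.4, "unknown_app", "/Users/a/3.doc.enc", os.urandom(4096)),
    (2.6, "signed_tool", "/Users/a/b2.bin", os.urandom(4096)),
    (2.8, "signed_tool", "/Users/a/b3.bin", os.urandom(4096)),
]

if __name__ == "__main__":
    print(find_suspects(EVENTS, trusted={"signed_tool"}))
```

Calling `find_suspects(EVENTS, trusted=set())` also flags `signed_tool`, which shows what blanket trust hides. Three files are already written by the time the alert fires, matching the first limitation above.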