With KeRanger, Mac Users Are No Longer Immune to Ransomware Threats

Last updated April 25, 2022

Cybercriminals who previously targeted Windows operating systems with ransomware have expanded their customer base to include the Mac OS. Known as KeRanger, it’s the first ransomware variant detected that infects Mac users.

Rather than arriving through the usual methods of entry, such as phishing email, KeRanger infected its victims through Transmission, a peer-to-peer file transfer program. Transmission has since removed the infected installers and recommended an upgrade.

KeRanger authors also had a valid Mac Developer certificate, and so they were able to bypass Apple’s Gatekeeper protection. An Apple representative said the company had taken steps to prevent further infections by revoking a digital certificate that enabled the rogue software to install on Macs. [1]

What happened during encryption?

Once installed, KeRanger waited three days before encrypting the victim’s files. Once activated, the ransomware connects to a Command & Control server over the Tor network and then begins to encrypt all files under “/Users” and “/Volumes”, including files like:

.doc, .docx, .docm, .dot, .dotm, .ppt, .pptx, .pptm, .pot, .potx, .potm, .pps, .ppsm, .ppsx, .xls, .xlsx, .xlsm, .xlt, .xltm, .xltx, .txt, .csv, .rtf, .tex, .jpg, .jpeg, .mp3, .mp4, .avi, .mpg, .wav, .flac, .zip, .rar, .tar, .gzip, .cpp, .asp, .csh, .class, .java, .lua, .db, .sql, .eml, .pem [2]

The ransom was 1 bitcoin, or approximately $400 USD.
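The encryption behaviour described above suggests a simple detection heuristic: flag any process that rewrites many distinct files with the listed extensions under “/Users” or “/Volumes” in a short window. The sketch below is an added example, not Varonis or DatAlert code; the event tuple format, process names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from pathlib import PurePosixPath

# Extensions and directories as listed in the article.
TARGET_EXTS = set("""
.doc .docx .docm .dot .dotm .ppt .pptx .pptm .pot .potx .potm .pps .ppsm
.ppsx .xls .xlsx .xlsm .xlt .xltm .xltx .txt .csv .rtf .tex .jpg .jpeg .mp3
.mp4 .avi .mpg .wav .flac .zip .rar .tar .gzip .cpp .asp .csh .class .java
.lua .db .sql .eml .pem
""".split())
WATCHED_ROOTS = ("/Users/", "/Volumes/")
WINDOW_SECONDS = 60  # assumption: tune to your environment
THRESHOLD = 5        # assumption: distinct files per process per window

def is_targeted(path):
    """True if the path is under a watched root and has a listed extension."""
    ext = PurePosixPath(path).suffix.lower()
    return path.startswith(WATCHED_ROOTS) and ext in TARGET_EXTS

def detect_mass_rewrite(events, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """events: time-ordered (epoch_seconds, process, path) file-write records.
    Returns {process: time of first alert}."""
    recent = defaultdict(deque)  # process -> (ts, path) inside the window
    alerts = {}
    for ts, proc, path in events:
        if not is_targeted(path):
            continue
        q = recent[proc]
        q.append((ts, path))
        while q and ts - q[0][0] > window:  # drop writes older than the window
            q.popleft()
        if proc not in alerts and len({p for _, p in q}) >= threshold:
            alerts[proc] = ts
    return alerts

# Constructed sample events (hypothetical process names and paths).
SAMPLE_EVENTS = [
    (1000, "TextEdit", "/Users/alice/notes.txt"),
    (1002, "helper_x", "/Users/alice/Documents/q1.xlsx"),
    (1003, "helper_x", "/Users/alice/Documents/plan.docx"),
    (1004, "helper_x", "/Users/alice/Pictures/a.jpg"),
    (1005, "helper_x", "/Users/alice/keys/site.pem"),
    (1006, "helper_x", "/Volumes/Backup/db/app.sql"),
    (1300, "TextEdit", "/Users/alice/todo.rtf"),
    (1400, "indexer", "/private/var/tmp/cache.db"),
]

if __name__ == "__main__":
    print(detect_mass_rewrite(SAMPLE_EVENTS))
```

Counting distinct paths rather than raw writes keeps an editor that repeatedly autosaves a single document from tripping the alert.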

There will be more!

When Ransom32, the first ransomware written in JavaScript, came out during the new year, we all anticipated that ransomware would soon infect Mac users because JavaScript is platform agnostic.

Expect to see more attacks on Macs because the ransomware business model has yielded large returns. How much? We’re talkin’ hundreds of millions of dollars a year.

Further reading on Prevention:

Varonis customers – if you have DatAlert, it can catch and prevent ransomware attacks. Learn more on Connect.


[1] http://www.reuters.com/article/us-apple-ransomware-idUSKCN0W80VX

[2] http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer/
