Following closely upon the hacking of the Linux Mint website, the developers of the Transmission BitTorrent client have announced that last week's 2.90 release was infected by a new form of OSX malware, OSX.KeRanger.A (or "KeyRanger" as 9to5mac is calling it).
The payload appears to be the first fully functional OSX ransomware found in the wild. If it works as designed, OSX.KeRanger.A begins encrypting an infected user's files three days after installation, which for a release picked up last week puts the first detonations on Monday, March 7. The malware seems to have been included only in the disk image downloaded from the developers' website; Transmission's in-app updater (built on the Sparkle framework, which checks each update's signature against a key shipped inside the app) seems to have delivered clean updates. The developers have released two updates (2.91 and 2.92) in the past twenty-four hours to remove the infection.
Those who use Transmission on OSX should check for the following on their systems:
[Update:] According to a report in ITWorld, "Apple shuts down first-ever ransomware attack against Mac users":
With the help of security researchers, Apple over the weekend quickly blocked a cyberattack aimed at infecting Mac users with file-encrypting malware known as ransomware.
[...] The tainted Transmission version was signed with a legitimate Apple developer's certificate. If a Mac user's security settings are set to allow downloads from identified Apple developers, the person may not see a warning from Apple's Gatekeeper that the application could be dangerous.
Apple revoked the certificate after being notified on Friday, [Security company] Palo Alto wrote. The company has also updated its XProtect antivirus engine.
After it is installed on a system, KeRanger waits three days before connecting to a remote command-and-control server using the Tor system. It is coded to encrypt more than 300 types of files.
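The two trust decisions described above behave differently against a trojanized download, and the difference is worth seeing in code. Gatekeeper's "identified developers" setting accepts any bundle signed by a Developer ID that Apple issued and has not yet revoked, so a bundle re-signed by an attacker holding their own legitimate certificate passes until Apple revokes it. A Sparkle-style in-app updater instead pins the publisher's public key inside the installed app, so an archive signed by anyone else is refused regardless of revocation state. The following is an added example written for this page, not code from the Transmission project, Sparkle, or Apple: it is a simplified model in which Ed25519 stands in for Apple's X.509 certificate chain (and for the DSA signatures Sparkle 1.x used at the time), and the team identifiers and bundle contents are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Signer models one holder of an Apple Developer ID certificate: either the
// Transmission developers or an attacker who obtained a certificate of their
// own. Ed25519 is an assumption standing in for the real certificate chain;
// the point is that both keys are "legitimate" as far as the platform knows.
type Signer struct {
	TeamID string
	pub    ed25519.PublicKey
	priv   ed25519.PrivateKey
}

func NewSigner(teamID string) (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{TeamID: teamID, pub: pub, priv: priv}, nil
}

func (s *Signer) PublicKey() ed25519.PublicKey { return s.pub }

// SignedApp is a downloaded bundle together with the code signature over it.
type SignedApp struct {
	TeamID    string
	Bundle    []byte
	Signature []byte
}

func (s *Signer) Sign(bundle []byte) SignedApp {
	return SignedApp{TeamID: s.TeamID, Bundle: bundle, Signature: ed25519.Sign(s.priv, bundle)}
}

// Gatekeeper is a simplified model of the "App Store and identified developers"
// policy: any bundle signed by a Developer ID that Apple issued and has not
// revoked may run. Nothing ties the bundle to the app's real publisher.
type Gatekeeper struct {
	issued  map[string]ed25519.PublicKey
	revoked map[string]bool
}

func NewGatekeeper() *Gatekeeper {
	return &Gatekeeper{issued: map[string]ed25519.PublicKey{}, revoked: map[string]bool{}}
}

func (g *Gatekeeper) Issue(s *Signer)      { g.issued[s.TeamID] = s.pub }
func (g *Gatekeeper) Revoke(teamID string) { g.revoked[teamID] = true }

// Assess returns nil when the bundle would be allowed to run.
func (g *Gatekeeper) Assess(app SignedApp) error {
	pub, ok := g.issued[app.TeamID]
	if !ok {
		return errors.New("unidentified developer")
	}
	if g.revoked[app.TeamID] {
		return errors.New("developer certificate revoked")
	}
	if !ed25519.Verify(pub, app.Bundle, app.Signature) {
		return errors.New("code signature invalid")
	}
	return nil
}

// VerifyUpdate is what a Sparkle-style in-app updater does: the publisher's
// public key ships inside the installed app, so only that key can sign an
// update, and a certificate Apple issued to someone else buys the attacker nothing.
func VerifyUpdate(pinned ed25519.PublicKey, app SignedApp) error {
	if !ed25519.Verify(pinned, app.Bundle, app.Signature) {
		return errors.New("update not signed by the pinned publisher key")
	}
	return nil
}

func main() {
	gk := NewGatekeeper()
	transmission, _ := NewSigner("TRANSMISSION-TEAM") // constructed identifiers
	attacker, _ := NewSigner("ATTACKER-TEAM")
	gk.Issue(transmission)
	gk.Issue(attacker) // the attacker's certificate is genuine, just not Transmission's

	clean := []byte("constructed: Transmission 2.90 bundle")
	trojan := []byte("constructed: Transmission 2.90 bundle + ransomware payload")
	website := attacker.Sign(trojan)     // what the hacked download page served
	sparkle := transmission.Sign(clean)  // what the in-app updater fetched

	fmt.Println("Gatekeeper, website download:", gk.Assess(website))                                      // <nil>: allowed
	fmt.Println("pinned key, website download:", VerifyUpdate(transmission.PublicKey(), website))         // refused
	gk.Revoke(attacker.TeamID)
	fmt.Println("Gatekeeper after revocation:", gk.Assess(website))                                       // refused
	fmt.Println("pinned key, in-app update:", VerifyUpdate(transmission.PublicKey(), sparkle))            // <nil>: allowed
}
```

The practical reading: a code signature proves that some identified developer signed the bundle, not that the right one did, so for a download taken from a website (rather than through a pinned-key updater) a digest or signature published by the project out of band is the check that actually binds the file to its publisher.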
(Score: 1) by anubi on Monday March 07 2016, @07:40AM
I remember back in the days of the Seagate ST-225, I never knew once I powered my system down, if it would come back up again. Those drives were known for "stiction" problems. Many times I used to pick up my entire machine and violently snap it in a rotary manner to free the stuck drive by breaking the disks free using rotational inertia.
If that didn't work, I would have to take the machine apart, remove the drive, and do the same with the drive out of the machine... that way I could direct more of what force I could muster on the disk assembly. If that didn't work, I would start tapping it on the desk or use an object to strike it to try to free up the platters.
I knew the disk was dying. But it wasn't dead yet. A new one at the time was about $400. This was a machine I built up from throwaways at work (an aerospace contractor) that showed up in the surplus store.
Seems no different today, however it isn't the probability of disk stiction that threatens your stuff on your disk... it's malware like this.
The solution now is little changed from the solution then.
Keep backups!
It's a lot more difficult today to keep good backups, as a lot of code is now full of proprietary interlocks and licensing verification that is apt to fail - so I resort to disk images.
Buy several large high capacity external drives. Do not toss your old images. In the event of a "time bomb", your more recent images may have this in them, waiting to detonate just as soon as they see your clock. You may have to retrieve your executables off of an older backup and your more recent work off of a newer backup. Be very cautious of willy-nilly versioning upgrades, for in the event of a time bomb, you may find a recent executable useless - infected with a time bomb - but the older executable failing to recognize the newer files.
If you are working for yourself, you can probably protect yourself pretty well, but in the corporate world, you probably have to prance out there on the net naked as a jaybird.
I use CloneZilla these days... in the old days it was a shoebox full of floppies and extra hard drives.
Whatever you do, PLEASE do not feed these troublemakers by paying their ransom. We will just see more of it.
Statistics are on our side. We know what we are doing. There are a lot of people with political power but no technical acumen out there. Eventually some business executive will have his business nailed with the thing; and cost him a LOT of money. HE will have the political connections it takes to actually do something about stuff like this.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]