Mac ransomware attack casts light on a booming shadow industry

“The first widespread ransomware attack on Apple Inc. computers is drawing attention to a growing and lucrative corner of the hacking underworld where attackers encrypt and hold data hostage until they are paid to unlock the information,” Alex Webb reports for Bloomberg.

“An estimated 6,500 Macs were infected with malicious software designed to make files inaccessible to owners of desktops and laptops, according to the Transmission Project, a file-sharing software provider,” Webb reports. “The decision to target Apple’s OS X software, which is both harder to hack and less widespread than Microsoft Corp.’s Windows, underscores how attractive the practice has become, according to Clifford Neuman, who teaches cybersecurity at the University of Southern California.”

Webb reports, “‘The business model is working so well on Windows that, when they had an opportunity to do so on Mac, they did it,’ Ryan Olson, intelligence director at Palo Alto Networks, said. ‘It’s been effective to the tune of hundreds of millions of dollars a year.'”

Read more in the full article here.

MacDailyNews Note: For Transmission users only:

Transmission’s website ( states:

Everyone running 2.90 on OS X should immediately upgrade to and run 2.92, as they may have downloaded a malware-infected file. This new version will make sure that the “OSX.KeRanger.A” ransomware (more information available here) is correctly removed from your computer.

Users of 2.91 should also immediately upgrade to and run 2.92. Even though 2.91 was never infected, it did not automatically remove the malware-infected file.

Why you should stick with the Mac App Store for safer OS X software downloads – March 8, 2016
7 steps to protect yourself from over-hyped Mac ‘ransomware’ threat – March 7, 2016
Mac users targeted in first known OS X ransomware scam – March 6, 2016


  1. The more widespread macs become, the bigger the target they present. While it likely won’t become so widespread as on windows, mal ware will become more and more common for us mac faithful.

    1. Ridiculous statements…

      Macs have long been over-represented at the higher income levels – which, all else being equal, woud be the better targets.
      And vastly under-represented in any actual attacks.

      Therefore, it’s nothing to do with the old marketshare myth. It has always been because Winblows is a much easier target.

      Malware may become more common on Macs. But I am sure it will always been a tiny, tiny number compared to Winblows.

  2. Let me see if I understand this: Cyber-criminals are now shaking-down people who routinely steal (er “share”) the intellectual property of others? How dare they!

  3. So this attack on a few Macs “casts light on a booming shadow industry” — while it going on and on and on in Windows is what…
    – hypocritically ignored?
    – considered ‘business as usual’?
    – or ‘is so common we’d better not say anything or it would destroy the company’?

  4. wait until the Governments of the world legislate ‘backdoors’ in phones, (as they’ve push forward in New York and France) and in PCs, routers, servers etc. It will be criminal hackers paradise…

    Say ‘NO’ to lower defenses, weaker encryption and backdoors.

  5. The estimated number of downloads of the malware infected version of Transmission is 6,500. The infected version was available for only a short period of time within the release period of Transmission v2.90. IOW: Having installed and run v2.90 doesn’t necessarily mean you were infected. Install and run v2.9.2 just to be sure.

    The bad security certificate came out of a company in Turkey and was presumably created for specifically the purpose of distributing this ransomware. Let’s hope they are prosecuted.

    At this time there have been no reported victims of the malware. It was dormant until yesterday (Monday) and appears to have been eradicated/deactivated thanks to Apple’s swift response within both their Gatekeeper and Xprotect security systems.

    This was NOT a case of infected warez software. The crooks broke into the download site for Transmission and replaced it with the malware version. How the download site was hacked is of course of extreme concern.

    In any case, ransomware for Mac has made its debut. Beware! And be grateful Apple is paying attention and blocking off malware from being installed and functioning on OS X.

    PROBLEM: Apple still has to harden its developer security certificate system, which is in part at fault in this situation. My current rant is that new security certificates should be issued with every new version of an application, embedding a hash value for that application. If the hash doesn’t match the application, the certificate is void. But, in this case it appears that would NOT have helped.

    1. widespread? 6,500 people? and maybe most of them were not held hostage (it takes 3 days to encrypt).

      I don’t think Webb understands the meaning of widespread. Unless he thinks that Mac OS X users are around 10,000.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.