
First Ever Ransomware on OSX

March 11, 2016 | March 6th, 2023 | Blog, Cybersecurity

It finally happened. Ransomware has officially made its first appearance on OSX. Anyone who downloaded version 2.90 of the “Transmission” App (which is a legitimate Bittorrent app available in the Apple Store) on or around March 4 should delete it immediately and install the clean 2.92 version.

If you’re not familiar with the term, ransomware is a very specific type of malware. Once it runs, it encrypts some or all of the files on your computer, making your data irretrievable. There are only two good ways around the problem: either restore from backup, or pay the demanded ransom to the hackers, who will supposedly unlock the files for you once they lighten your wallet.

Given that “Transmission” is a legitimate app with a valid certificate from Apple, no one is quite sure how the ransomware made its way into the code, but the issue is being investigated. For its part, Apple has revoked the certificate that allowed the malware to install, so if you try to start the infected App, you’ll get a warning saying that it should not be opened as it will damage your system. That should prevent the great majority of the potential damage, but of course, all bets are off if you ignore the warning and run the app anyway.

If you’d like to make doubly sure that it is completely gone from your system, use Finder to look for either of the following:

“/Applications/ General.rtf” or “/Volumes/Transmission/ General.rtf”

If found, delete these files. Then, under your Activity Monitor, check to see if there’s a process called “kernel_service” running. If there is, select “Open Files and Ports” and check for a file name like this: “/Users/ /Library/kernel_service”. If found, terminate this process with Quit – Force Quit, and you should be covered.

While this is the first appearance of ransomware on OSX, you can bet it will not be the last. If the hackers have finally managed to find their way past Apple’s vaunted security once, it’s a sure bet they’ll do it again.
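The manual checks described above can also be scripted. The following is an added example, not part of the original article: it looks for the two files and the “kernel_service” process named in the text. The function names and the sample process list are constructed for illustration, and the script assumes the path component missing between “/Users/” and “/Library” is a user's home folder.

```shell
#!/bin/sh
# Added example: scripted version of the article's manual checks (macOS).

# Files named in the article; " General.rtf" really starts with a space.
INDICATOR_FILES='/Applications/ General.rtf
/Volumes/Transmission/ General.rtf'

# Constructed sample of `ps -axo pid=,comm=` output, for offline testing.
SAMPLE_PS='  412 /Users/alice/Library/kernel_service
  413 /usr/sbin/cfprefsd
  977 /Applications/Transmission.app/Contents/MacOS/Transmission'

# check_files [ROOT]: print every indicator file that exists under ROOT.
# ROOT is empty on a live system; pass a scratch directory when testing.
check_files() {
    root=${1:-}
    printf '%s\n' "$INDICATOR_FILES" | while IFS= read -r f; do
        if [ -e "$root$f" ]; then printf '%s\n' "$root$f"; fi
    done
}

# match_kernel_service: read "PID PATH" lines on stdin and print the PIDs
# whose executable is .../Library/kernel_service under /Users (assumption:
# the path component missing from the article is the user's home folder).
match_kernel_service() {
    while read -r pid path; do
        case $path in
            /Users/*/Library/kernel_service) printf '%s\n' "$pid" ;;
        esac
    done
}

# scan: run both checks on this machine; returns 1 if anything was found.
scan() {
    status=0
    hits=$(check_files)
    pids=$(ps -axo pid=,comm= | match_kernel_service)
    if [ -n "$hits" ]; then
        printf 'Delete these files:\n%s\n' "$hits"; status=1
    fi
    if [ -n "$pids" ]; then
        printf 'Force-quit kernel_service, PID(s):\n%s\n' "$pids"; status=1
    fi
    return "$status"
}

if [ "${1:-}" = "--scan" ]; then scan; fi
```

Run it with `--scan` to check the live system; a non-zero exit status means at least one of the article's indicators was found.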

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.