Page 1 of 1

New Ransomware on Mac

Posted: Mon Mar 07, 2016 7:58 am
by fletcher
I just read an article announcing that there has been a ransomware attack on Mac computers, spread through Transmission.

I have used Transmission to download several torrents over the last few days. I know that Linux is not Apple, but they do have similarities.

Would a fresh back-up of my system be a good idea? Or do the gurus think I have nothing to worry about?

I am not a power user, just a casual Linux fan. Running Mint 17.2 Cinnamon with no dual boot at the moment. Don't want to seem paranoid, but also do not want to be in danger.

Any advice/help is appreciated.

Re: New Ransomware on Mac

Posted: Mon Mar 07, 2016 8:11 am
by Habitual
fletcher wrote:Would a fresh back-up of my system be a good idea?
Run, don't walk.
Test your backups. Don't wait for disaster.

Re: New Ransomware on Mac

Posted: Mon Mar 07, 2016 8:18 am
by Pjotr
You should *always* have backups of your important documents etc., no matter what.

Apart from that: no worries. This particular incident concerns only the Mac version, and on top of that only the Mac version which was downloaded straight from the Transmission website.

Thank God for our official software sources, is what I always say.... :mrgreen:

Re: New Ransomware on Mac

Posted: Mon Mar 07, 2016 9:02 am
by fletcher
Pjotr wrote:Apart from that: no worries. This particular incident concerns only the Mac version, and on top of that only the Mac version which was downloaded straight from the Transmission website.:
Thanks for the info. I thought that was probably the case, but I wanted to double-check. The article that I saw about the ransomware was on a news blog, not a tech blog, so they did not give a lot of detail.

Re: New Ransomware on Mac

Posted: Mon Mar 07, 2016 10:19 am
by chrisuk
Here's a more technical description of the attack, and some details of the code used:

http://researchcenter.paloaltonetworks. ... installer/

Re: New Ransomware on Mac

Posted: Mon Mar 07, 2016 12:05 pm
by Ark987
As said always backup no matter what.

Talking about that the situation is getting a bit scary now, it is basically the same type of attack used on Mint. Looks like they are realizing that web servers are at the moment the weakest link in the chain so they may become frenzy replacing installer from popular projects. It seems that in the near future we shouldn't download anything at all :?

Re: New Ransomware on Mac

Posted: Mon Mar 07, 2016 12:40 pm
by chrisuk
Ark987 wrote:As said always backup no matter what.

Talking about that the situation is getting a bit scary now, it is basically the same type of attack used on Mint. Looks like they are realizing that web servers are at the moment the weakest link in the chain so they may become frenzy replacing installer from popular projects. It seems that in the near future we shouldn't download anything at all :?
I agree that it's more of a concern than it used to be. Many years ago the "cracking" side was more for running botnets of fileservers; it wasn't often for financial reward, more for the props on various boards/communities/irc networks etc. Not saying it wasn't a bad thing, millions used fileservers on IRC for their TV episodes - Movies - Latest Software - Music; many were fileservers themselves, but they didn't know it ;) There's been other things between then and now, but none that can affect every person with an Internet connection... Mobile Phone - Tablet - Laptop - PC... well, unless you count the Government ;)

But it's not kids in their bedrooms now, it's criminal gangs, and it's all about money. Even Police Departments and Hospitals are paying the ransom... and many more pay and tell nobody.

All you can do is use the safest OS (Linux... at this moment in time), use safe browsing habits, don't install from anywhere except the Repositories, and backup everything regularly (I backup after any changes to my system, including any changes to Home)... oh, and hope it's not you next ;)

Re: New Ransomware on Mac

Posted: Wed Mar 09, 2016 5:28 pm
by Portreve
Well, if you look at all the malware that has EVER come out for the Mac OS X platform since its release in 2001 vs the list for Windows over the same period, it's a pretty stark, day-and-night kind of thing.

I agree with the comments here up-thread that you should ALWAYS have your data backed up. I'm not particularly sympathetic for those who don't.

Re: New Ransomware on Mac

Posted: Wed Mar 09, 2016 5:42 pm
by LinuxJim
fletcher wrote: I know that Linux is not Apple, but they do have similarities.
Yes. OS X is simply BSD under the hood.
fletcher wrote:Would a fresh back-up of my system be a good idea?
That's *always* a good idea. Manditory if your data is valuable to you.
fletcher wrote:Or do the gurus think I have nothing to worry about?
From this particular attack? No, there is nothing to worry about as the crack uses hard-coded paths to plant code into OS X's kernel services. These paths don't exist on Linux. But, it's simply a matter of time before the next one comes out that DOES affect Linux. The only way to combat ransomware is to have valid and recent backups.

Re: New Ransomware on Mac

Posted: Wed Mar 09, 2016 5:53 pm
by Pjotr
LinuxJim wrote:The only way to combat ransomware is to have valid and recent backups.
..... and to stick to the official repo's. :)