Securing the Digital World

Ransomware: The New Cyber Kryptonite

Mar 17, 2016 | by Heidi Bleau |

And then, there was irony. While Apple has been able to hold out against the FBI demanding it produce a backdoor into the iPhone used in the recent San Bernardino attack, it was unable to render a similar defense against a strain of ransomware that recently, albeit briefly, infected its own Mac computers.

The recent discovery of "KeRanger" ransomware insinuated into Transmission, a popular application used to download videos, music and other data over its free Mac BitTorrent, peer-to-peer information sharing client, showed even Mac users are susceptible. It wasn't immediately known how attackers were able to tamper with the application, however in a blog, it was suggested that the Transmission site was compromised and the files there substituted with re-compiled but malicious versions of the BitTorrent client.

This swap out is a common method used to compromise legitimate applications. In fact, RSA finds this same technique used quite often by cybercriminals to distribute malware through rogue mobile apps across many popular app stores.

Now, in defense of how nimble Apple is when compared to others, Apple diligently worked to find out just how this occurred in the first place (no Patch Tuesdays here), ultimately revoking a digital certificate from a legitimate Apple developer that apparently originated the rogue software to be installed on Mac computers and effectively blocking further outbreaks The result of this action limited how many Macs became infected - just three days since the malware had first reared its head on the Transmission website.

Ransomware is rapidly becoming the digital equivalent of extortion. In an especially high profile example, a Los Angeles based hospital paid $17,000 in 40 Bitcoin in order to retrieve its electronic medical records locked up by a ransomware attack in early February. Popular cyber journalist, Ericka Chickowski, also recently published an interesting piece on ransomware, citing the average extortion payment is higher than the average car payment.

Now, Apple - much like the Man of Steel himself - has seemed impervious to malware and most cyber attackers have left it alone whereas its Windows counterparts have been frequently and successfully targeted, breaking down its barriers and rendering its operating system vulnerable to infection. My fiercely loyal Mac friends who believe they are attack proof and like to bust my chops over my continued affinity for Windows products now have something to think about. While still an infrequent incident, the cyber game is changing.

Interestingly (and taking this discussion full circle), an article in Computerworld discussing this instance, included a pair of examples where security researchers, including a Brazilian based security researcher and, separately, an OS X security expert, demonstrated how they coded ransomware for Mac and delivered a proof-of-concept code on GitHub for Mac ransomware, respectively.

Given the evidence, it comes as no surprise to me that the "bad guys" are spending cycles on ways to upload ransomware to applications typically accessed by and produced for Mac computers. There is no doubt we can expect to see attackers targeting new platforms for attack with the rise of malicious apps, ransomware attacks on mobile and, significantly, non-Microsoft ones in the coming year.