Jaypat

Q: Ransomeware

I have received an email from an AV company saying that Macs can now be infected by a Ransomeware attack known as OSX/KeRanger, and advising me to update to the latest version of their software. I uninstalled their software quite some time ago so is it advisable to reinstall and update? Thanks in advance.

iMac, Mac OS X (10.7.5)

Posted on Mar 8, 2016 2:21 AM

Close

Q: Ransomeware

  • All replies
  • Helpful answers

  • by Alberto Ravasio,Helpful

    Alberto Ravasio Alberto Ravasio Mar 8, 2016 2:51 AM in response to Jaypat
    Level 5 (4,070 points)
    Mar 8, 2016 2:51 AM in response to Jaypat

    Here's the whole story about KeRanger

  • by OGELTHORPE,Helpful

    OGELTHORPE OGELTHORPE Mar 8, 2016 8:15 AM in response to Jaypat
    Level 9 (52,101 points)
    Mac OS X
    Mar 8, 2016 8:15 AM in response to Jaypat

    Jaypat wrote:

    I uninstalled their software quite some time ago so is it advisable to reinstall and update? Thanks in advance.

    Do not reinstall the AV software.  Mac has already addressed this issue.

     

    Ciao.

  • by thomas_r.,Solvedanswer

    thomas_r. thomas_r. Mar 8, 2016 6:03 AM in response to Jaypat
    Level 7 (30,889 points)
    Mac OS X
    Mar 8, 2016 6:03 AM in response to Jaypat

    You have nothing to fear from KeRanger unless you downloaded and installed the Transmission BitTorrent client this past weekend. If you did, you need to delete Transmission and restart your computer immediately! That is all that is required to remove the malware. Version 2.90 of the Transmission app was infected with KeRanger.

     

    If you don't have Transmission on your computer, then you're fine.

  • by BobHarris,

    BobHarris BobHarris Mar 8, 2016 6:19 AM in response to Jaypat
    Level 6 (19,272 points)
    Mac OS X
    Mar 8, 2016 6:19 AM in response to Jaypat

    This is opportunistic Marketing on the part of the anti-virus vendor.

     

    Surprisingly the press did not totally blow this story out of proportion.  All the stories I read were quick to mention that Apple contained the outbreak quickly, and the Transmissions bit-torrent developers quickly fixed the hacked distribution, even going so far as to add code to remove KeRanger if it has been installed.

     

    And even more important, the user had to actually install something to get KeRanger, it was not installed by any self-propagating virus.  That helps slow the spread of this kind of attack.

  • by Jaypat,

    Jaypat Jaypat Mar 9, 2016 3:25 AM in response to thomas_r.
    Level 1 (10 points)
    Mar 9, 2016 3:25 AM in response to thomas_r.

    Hi Thomas

    Many thanks to you and the other contributors for your help - it's much appreciated