The good news for Apple this week is that the ransomware attack was contained.
The bad news for Apple is it believes that the attack — potentially the first one of its kind for Apple’s Mac computers — was reportedly downloaded 6,000 times before it was contained, according to a developer who said his Mac was affected by the malicious software.
Macs were attacked with a ransomeware called “KeRanger,” which is a software the restricts the user’s access to a computer system and demands that that user pay a ransom before they can use the device again. And, according to John Clay, a representative for the open-source Transmission project, that ransomware was downloaded roughly 6,500 times before Apple and its developer team could stop the threat.
While that may seem like a lot, the number of ransomware attacks impacting Microsoft’s Windows OS topped roughly 8.8 million attacks in 2014, according to cybersecurity firm Symantec Corp. But this initial impact on Macs could mean more to come.
“It’s a small number, but these things always start small and ramp up huge,” said Fidelis Cybersecurity Threat Systems Manager John Bambenek, as cited by Reuters. “There’s a lot of Mac users out there and a lot of money to be made.”
The first news of the ransomeware attack campaign was reported over the weekend by Palo Alto Networks Inc. The group said that the campaign was against Mac users and utilized ransomware, a rapidly growing cyberthreat, since it’s known for its widespread ability to infect computers with encrypted data that cannot be unlocked until a ransom is paid — typically, in digital currencies.
According to a Reuters report, security experts say there may be hundreds of millions of dollars a year hacked from cybercriminals using this method.
“This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom,” Palo Alto Threat Intelligence Director Ryan Olson told Reuters.
An Apple representative said that it has taken action on this matter to prevent attacks through a series of security measures. This includes taking away the digital certification from an Apple developer that was believed to allow for this software to make its way onto the Macs. No further details were provided by Apple.
But, according to Olson, the malware created could encrypt files for three days post-infection. That could mean that some Mac users who become infected may not be aware of the issue, he added. His firm plans to release tips for Mac users to determine if their machines were impacted and how they can prevent the ransomware from ruining the data on them.