新聞對照:蘋果電腦用戶 駭客新目標


Mac ‘Ransomware’ Attack Exposes Vulnerability of Apple Users


For the first time, security experts say, a dangerous form of software called “ransomware” has successfully targeted a Mac operating system, piercing an image of safety that Apple customers had long enjoyed.

The attack, while noteworthy, affected a relatively small number of people and doesn’t mean that typical Mac users should panic, experts say.

The software, when installed on a victim’s computer, denies a user access to files unless a ransom is paid: about $400. It targets files that users would most likely find important: photos, videos, Excel spreadsheets and Word documents.

Two analysts from the California-based security firm Palo Alto Networks, Claud Xiao and Jin Chen, discovered on Friday that the ransomware was infecting downloads of Transmission, a legitimate BitTorrent file-sharing application, they said in a blog post.

About 6,500 users had downloaded the infected software over the weekend, a Transmission official told Forbes. That’s a small fraction of overall Mac users; Apple sold 5.31 million Macs in the first quarter of 2016.

Attackers had compromised Transmission’s website, changing its download link to include both the Transmission software and the ransomware, according to Ryan Olson, the threat intelligence director at Palo Alto Networks. The analysts found it about four hours after it was first uploaded, he said.

Such attacks are more common on machines running Windows, which has far more users, and have grown increasingly common in the past six to 12 months, Mr. Olson said. But even though Apple has had a good record of keeping dangerous software off computers, the successful attack could decrease user confidence, he said.

“It’s important to be aware that nothing is 100 percent,” he said in a telephone interview. “And every time we find a new one of these, that’s just another signal that 100 percent is not possible.”

Apple revoked a certificate that allowed the software to be installed on Macs, according to Reuters, and Transmission removed the download link from its website on March 5, Palo Alto Networks said.

The ransomware, named KeRanger, would “sleep” for three days after being downloaded before encrypting the victim’s files, Mr. Olson said.

Such attacks have had destructive effects, largely because they often work. In February, a hospital in Los Angeles paid hackers $17,000 in Bitcoin after its computer system was down for over a week.

Computers running Windows are often infected when users click a malicious link in an email or one hidden in an advertisement. Once their machines are infected, users often have no choice but to meet the hackers’ demands.

Mac users have historically enjoyed more security from malicious applications, Mr. Olson said. “Apple has a lot of gates in the way to prevent that from being successful,” he said.

While Apple and Transmission responded quickly to limit the damage, the episode illustrates the value of backing up important files, Mr. Olson said. The effect of ransomware is much like a laptop falling into the river — the damage can be limited if your important files exist somewhere else, he said.

蘋果電腦用戶 駭客新目標



Palo Alto網路公司威脅情報業務主管歐森表示,4日出現於Mac OS X裝置的「KeRanger」惡意軟體,是第一個能有效攻擊蘋果Mac電腦的勒索軟體。該公司指出,駭客利用受感染的知名資料傳輸軟體Transmission散步惡意程式。當Mac電腦用戶下載4日上線的Transmission 2.90版本時,電腦就會被勒索軟體入侵,「Transmission是一個開放原始碼軟體。Transmission官網可能遭駭,使檔案被換成內含惡意軟體的版本」。


Transmission也從官網撤下受感染的軟體,6日推出已移除勒索軟體的版本,並建議懷疑電腦已感染的用戶,升級到Transmission 2.92版本。

Palo Alto表示,KeRanger先在受感染的電腦潛伏三天後,才會展開攻擊,將檔案加密、讓用戶無法開,這時KeRanger會向用戶勒索1比特幣(相當於400美元)的贖金。以Mac OS X裝置為攻擊對象的勒索軟體,比Windows電腦要罕見許多,OS X迄今只有另一種為人所知的勒索軟體FileCider,但這個軟體2014年被發現時還不完整。




