Mac ‘Ransomware’ Attack Exposes Vulnerability of Apple Users
By DANIEL VICTOR
For the first time, security experts say, a dangerous form of software called “ransomware” has successfully targeted a Mac operating system, piercing an image of safety that Apple customers had long enjoyed.
The attack, while noteworthy, affected a relatively small number of people and doesn’t mean that typical Mac users should panic, experts say.
The software, when installed on a victim’s computer, denies a user access to files unless a ransom is paid: about $400. It targets files that users would most likely find important: photos, videos, Excel spreadsheets and Word documents.
Two analysts from the California-based security firm Palo Alto Networks, Claud Xiao and Jin Chen, discovered on Friday that the ransomware was infecting downloads of Transmission, a legitimate BitTorrent file-sharing application, they said in a blog post.
About 6,500 users had downloaded the infected software over the weekend, a Transmission official told Forbes. That’s a small fraction of overall Mac users; Apple sold 5.31 million Macs in the first quarter of 2016.
Attackers had compromised Transmission’s website, changing its download link to include both the Transmission software and the ransomware, according to Ryan Olson, the threat intelligence director at Palo Alto Networks. The analysts found it about four hours after it was first uploaded, he said.
Such attacks are more common on machines running Windows, which has far more users, and have grown increasingly common in the past six to 12 months, Mr. Olson said. But even though Apple has had a good record of keeping dangerous software off computers, the successful attack could decrease user confidence, he said.
“It’s important to be aware that nothing is 100 percent,” he said in a telephone interview. “And every time we find a new one of these, that’s just another signal that 100 percent is not possible.”
Apple revoked a certificate that allowed the software to be installed on Macs, according to Reuters, and Transmission removed the download link from its website on March 5, Palo Alto Networks said.
The ransomware, named KeRanger, would “sleep” for three days after being downloaded before encrypting the victim’s files, Mr. Olson said.
Such attacks have had destructive effects, largely because they often work. In February, a hospital in Los Angeles paid hackers $17,000 in Bitcoin after its computer system was down for over a week.
Computers running Windows are often infected when users click a malicious link in an email or one hidden in an advertisement. Once their machines are infected, users often have no choice but to meet the hackers’ demands.
Mac users have historically enjoyed more security from malicious applications, Mr. Olson said. “Apple has a lot of gates in the way to prevent that from being successful,” he said.
While Apple and Transmission responded quickly to limit the damage, the episode illustrates the value of backing up important files, Mr. Olson said. The effect of ransomware is much like a laptop falling into the river — the damage can be limited if your important files exist somewhere else, he said.
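Apple Computer Users Are Hackers' New Target
Security firms say that Apple's Mac computers became the target of ransomware for the first time ever last weekend, a sign that the increasingly popular Mac is gradually drawing hackers' attention. Apple has also revoked the developer certificate of the infected software, so that users cannot install it after downloading it and have their programs held hostage.
Ransomware is one of the fastest-growing cyber threats. It encrypts the data on an infected machine and then demands that the user pay a ransom in hard-to-trace virtual currency to obtain the electronic key that recovers the data. Security experts estimate that these cybercriminals collect hundreds of millions of dollars in ransom each year through ransomware; they usually target only users of Microsoft's Windows operating system.
Olson, the head of threat intelligence at Palo Alto Networks, said the "KeRanger" malware, which appeared on Mac OS X devices on the 4th, is the first ransomware able to effectively attack Apple's Mac computers. The company said the hackers used an infected copy of Transmission, a well-known data transfer application, to spread the malicious program. When Mac users downloaded Transmission version 2.90, which went online on the 4th, their computers were invaded by the ransomware. "Transmission is open-source software. Transmission's official website may have been hacked, so that the files were replaced with versions containing the malware."
Apple said it took action over the weekend, revoking the digital certificate that allowed the malware to be installed on Mac computers, to prevent it from spreading further.
Transmission also pulled the infected software from its official website and on the 6th released a version with the ransomware removed, advising users who suspect their computers are infected to upgrade to Transmission version 2.92.
Palo Alto said KeRanger lies dormant on an infected computer for three days before launching its attack, encrypting files so that users cannot open them; KeRanger then demands a ransom of 1 bitcoin (equivalent to US$400). Ransomware targeting Mac OS X devices is far rarer than ransomware for Windows computers. To date only one other known ransomware exists for OS X, FileCoder, and it was still incomplete when it was discovered in 2014.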
Original article:
http://www.nytimes.com/2016/03/08/business/mac-ransomware-attack-exposes-vulnerability-of-apple-users.html
New York Times Chinese edition translation:
http://cn.nytstyle.com/technology/20160309/t09xp-ransom/zh-hant/
2016-03-04. United Evening News (聯合晚報). A2. Topics. Compiled and translated by 高岱如