Apple Users Locked Out Of Files And Ransomed



The One
7th March 2016, 05:04
A virus is encrypting files on some Mac computers until users pay £280 for access, in the first such infection on Apple devices.

http://media.skynews.com/media/images/generated/2015/12/22/437237/default/v2/cegrab-20151222-151115-0-1-736x414.jpg

A virus which locks computer users out of their files until they pay a ransom has started targeting Apple devices for the first time.

Hackers have infected a number of Macs with "KeRanger" malware which demands owners pay one bitcoin (about £280) for their files to be unencrypted.

Users began unwittingly downloading the malicious programme as they tried to install popular software called Transmission, which is used to transfer data on BitTorrent.

The "ransomware" stays quiet for three days after infecting each computer - and then starts to make documents, photographs, videos and other precious files inaccessible.

Cyber security experts believe the "KeRanger" virus was loaded onto the Transmission website on Friday - meaning affected Apple users could start receiving ransom demands from Monday unless they immediately install an updated version of the software.

Ryan Olson from Palo Alto Networks, which uncovered the threat, told the Reuters news agency: "This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom."

An Apple spokesperson has said the technology giant has also taken steps to prevent further infections, by revoking a digital certificate which had enabled the ransomware to be installed onto Macs in the first place.

Ransomware has long been known to target users of Microsoft Windows, often generating hundreds of millions of pounds a year in revenue for cyber criminals.

Source (http://news.sky.com/story/1654713/apple-users-locked-out-of-files-and-ransomed)

Elen
7th March 2016, 10:04
This happened to a friend of mine on an XP a few years ago, who had to buy a new computer, as it all blacked out. Dead. Would you give out your banking details to these guys? :scrhd: :belief:

scibuster
8th March 2016, 09:28
On a PC:
Put / back up your important files on a hard disk.
Pull the power cord of this hard disk.
No virus can read/write this hard disk any more.
If you later need some of your files, push in the power cord of this hard disk.
Take the file(s).
After this, pull the power cord again.
Or use a hard disk bay in your PC and push/pull your complete hard disk.

Aragorn
8th March 2016, 10:40
Apple have apparently now remedied the problem, as you can read here (http://techcrunch.com/2016/03/07/apple-has-shut-down-the-first-fully-functional-mac-os-x-ransomware/).

Still, it once again goes to show that proprietary software comes with hidden vulnerabilities which only said software's maker/vendor can remedy. Free/Libre & Open Source Software (FOSS) (https://en.wikipedia.org/wiki/Free_software) is a lot safer in that regard. It will also contain vulnerabilities upon its initial release — all software comprised of substantial amounts of code does, especially when it's written in the C programming language (https://en.wikipedia.org/wiki/C_%28programming_language%29) (like most modern operating systems) or in Java (https://en.wikipedia.org/wiki/Java_%28programming_language%29) (like most of the software running on smartphones) — but there are many more eyes to spot the bugs and fix them, as the community helps in scrutinizing and improving the code. The annual reports by Coverity (https://en.wikipedia.org/wiki/Coverity) have consistently shown that FOSS (https://en.wikipedia.org/wiki/Free_software) contains significantly fewer bugs and security flaws than any comparable amount of proprietary code.

Furthermore, proprietary software may come — and in the case of Microsoft Windows and Apple OS X, does come — with deliberately built-in backdoors. With both these platforms, there is at least one backdoor which allows the operating system vendor to remotely install and/or remove software on the computer that you paid for with your own money, and they can do so without your consent.

In the case of all NT-based versions of Microsoft Windows, there is allegedly also a second backdoor which gives the NSA remote access to your computer — not to mention that the NSA also actively develops trojans and other malware by which they seek to infect the personal computers of unsuspecting consumers in order to deploy them in militarized botnets (https://en.wikipedia.org/wiki/Botnet) for cyber-warfare. This was for instance the case with the Stuxnet (https://en.wikipedia.org/wiki/Stuxnet) worm, which was co-developed by the NSA and the Mossad specifically for attacking Iran's nuclear program. And as if all of that isn't bad enough yet, Microsoft also actively sells zero-day exploits (https://en.wikipedia.org/wiki/Zero-day_%28computing%29) to the US government (and for big money) before they issue a patch to their paying customers, as you can read here (https://www.techdirt.com/articles/20130614/02110223467/microsoft-said-to-give-zero-day-exploits-to-us-government-before-it-patches-them.shtml).



The following Windows versions are all based upon the NT kernel...:


Windows NT 3.1
Windows NT 3.5 and 3.51
Windows NT 4.0
Windows 2000 (NT 5.0)
Windows XP (NT 5.1)
Windows Vista (NT 6.0)
Windows 7 (NT 6.1)
Windows 8 (NT 6.2)
Windows 8.1 (NT 6.3)
Windows 10 (NT 6.4 during its development, version-bumped to NT 10.0 for the official release)

Windows 95, 98 and ME were not NT-based, but they came with their own sets of (even graver) problems, because they still ran on top of a 16-bit "real mode" MS-DOS foundation, which had no privilege separation, with the graphical part of the software all running in the processor's 32-bit "protected mode" — which does offer separation between system processes and user processes — but with all these processes running in the highest privilege ring of the processor, totally negating the hardware's built-in privilege separation. Among other things, this made these Windows versions highly unstable, easy to infect with malware, and easy to break into, given that in addition to the low quality of the code, user applications and system processes all ran within the same memory address space with full access to the underlying hardware.

In addition to that, the DOS-based Windows versions were all designated single-user operating systems — and therefore, did not know the concept of separate user accounts with reduced privileges — and being based upon DOS, they also did not support more than one processor core, given that DOS proper didn't even support multitasking. The primitive multitasking capabilities of Windows 95, 98 and ME all came from the 32-bit "protected mode" layer which was bolted on top of the DOS 16-bit "real mode" underpinnings.



It is also not advisable to trust in and rely upon the anti-virus industry. First and foremost, they are always running about two to three weeks behind on the latest developments in malware distribution, and secondly, with their entire business depending on the existence of malware, who do you think develops this malware?

(Note: I'm not saying that all of the malware comes from the anti-virus industry, but a lot of it does, even if only as a "proof of concept" attack vector against which the industry can then develop a commercially marketed "protection suite". Sounds a lot like the Mafia's extortion tactics where shop or bar owners were charged "protection money" by the mobsters so that their establishment wouldn't get robbed or burned down, doesn't it?)