Only 6,500 users downloaded the Transmission BitTorrent Mac client infected with the KeRanger ransomware

Mar 8, 2016 19:10 GMT

Ever since the news about the first-ever fully functional OS X ransomware piece came to light over the weekend, Mac users have been fervently scanning their computers, especially those using the Transmission BitTorrent client, the app through which the ransomware spread.

The whole debacle happened because the Transmission project's website was hacked and its legitimate Mac client was replaced with one that included the KeRanger ransomware.

The good news is that, according to the Transmission team, only around 6,500 users downloaded the infected binaries between the moment the website was hacked and the moment the KeRanger infection was discovered.

Transmission BitTorrent client for Mac 2.92 includes a KeRanger remover

The infected version was Transmission 2.90, and thanks to Palo Alto Networks, it was quickly detected and dissected. Apple also answered the bell, and thanks to a series of updates to its XProtect anti-malware suite, most Mac users were protected and the ransomware rendered harmless.

The Transmission project quickly put out a clean version of their Mac client with version 2.91 and yesterday also released version 2.92, which includes a built-in KeRanger remover.

John Clay, the Transmission spokesperson who told Reuters that only 6,500 Mac users were exposed to this threat, has also said that the project has been in close contact with both Apple and Palo Alto. It appears that the three collaborated to mitigate this disaster for the Mac community, which had never faced such a dangerous ransomware infection until now.

Mr. Clay has also declined to comment on how their website got hacked but says that it's been secured in the meantime.

Compared to ransomware damage on Windows, KeRanger is a joke

Given that ransomware infections usually claim thousands of Windows victims per week, with some gangs cashing in tens of millions from ransom payments per year, the KeRanger incident seems only a drop in the ocean compared to what's truly going on in the cyber-crime underground.

Since KeRanger was also set up to execute and lock files only after three days, Apple and Palo Alto's quick response allowed many users to avoid having their files encrypted, bringing the entire KeRanger tally down to a much lower number.

Right now, we still haven't heard from even a single Mac user who saw their files encrypted via KeRanger.