{"id":51355,"date":"2016-03-06T21:51:05","date_gmt":"2016-03-07T05:51:05","guid":{"rendered":"https:\/\/www.intego.com\/mac-security-blog\/?p=51355"},"modified":"2016-10-07T12:23:34","modified_gmt":"2016-10-07T19:23:34","slug":"mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/","title":{"rendered":"Mac Users Hit by Rare Ransomware Attack, Spread via Transmission BitTorrent App"},"content":{"rendered":"<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" class=\"aligncenter size-full wp-image-51421\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/KeRanger-Mac-Ransomware.jpg\" alt=\"KeRanger Mac Ransomware\" width=\"600\" height=\"300\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/KeRanger-Mac-Ransomware.jpg 600w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/KeRanger-Mac-Ransomware-150x75.jpg 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/KeRanger-Mac-Ransomware-300x150.jpg 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/p>\n<p>Mac owners who use the open source Transmission BitTorrent client are being warned that a version of the installer was distributed via the app&#8217;s official website, infected with a new family of ransomware.<\/p>\n<p>It is believed that hackers managed to compromise the installer of Transmission version 2.90 on its download site on Friday, March 4, in order to spread ransomware that researchers at Palo Alto Research have dubbed <a href=\"http:\/\/researchcenter.paloaltonetworks.com\/2016\/03\/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer\/\" target=\"_blank\">&#8220;KeRanger.&#8221;<\/a><\/p>\n<p>The outcome is that if you were unfortunate enough to install Transmission 2.90 onto your Mac, your computer may now be the digital equivalent of ticking time bomb. Because KeRanger waits three days before awaking, encrypting your documents and data files, contacting its command-and-control servers, and demanding a one bitcoin (approximately $400) ransom be paid for your data&#8217;s safe return.<\/p>\n<p>According to the researchers, the KeRanger malware also attempts to encrypt Time Machine backup files, no doubt in an attempt to make it harder for victims to recover their precious data without paying the extortionists.<\/p>\n<p>And don&#8217;t imagine that OS X&#8217;s built-in Gatekeeper protection would have saved you, as it appears that the poisoned KeRanger app was signed with a valid Mac app development certificate.<\/p>\n<p>A message on the official Transmission website confirms the threat to users, and advises that they &#8220;immediately upgrade&#8221; to version 2.92:<\/p>\n<p><img loading=\"lazy\" class=\"aligncenter wp-image-51364\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/transmission-warning1.jpeg\" alt=\"Transmission warning\" width=\"500\" height=\"276\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/transmission-warning1.jpeg 600w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/transmission-warning1-150x83.jpeg 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/transmission-warning1-300x166.jpeg 300w\" sizes=\"(max-width: 500px) 100vw, 500px\" \/><\/p>\n<blockquote><p>Everyone running 2.90 on OS X should immediately upgrade to 2.92, as they may have downloaded a malware-infected file. This new version will make sure that the &#8220;OSX.KeRanger.A&#8221; ransomware (more information available here) is correctly removed from you computer.<\/p><\/blockquote>\n<p>Palo Alto&#8217;s research team report that Apple has now revoked the digital certificates that the malware attack was abusing, and updated the rudimentary XProtect anti-virus protection built into the OS X\u00a0operating system. Furthermore, the malicious downloads have now been removed from the Transmission website.<\/p>\n<p>As <em>MacRumors<\/em> <a title=\"Link to MacRumors article\" href=\"http:\/\/www.macrumors.com\/2016\/03\/06\/mac-ransomware-transmission\/\" target=\"_blank\" rel=\"nofollow\">reports<\/a>, the software is alerting users with a bright red warning when the app informs them that an update is available:<\/p>\n<p><img loading=\"lazy\" class=\"aligncenter wp-image-51361\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/transmission-update.jpeg\" alt=\"Transmission update warning\" width=\"500\" height=\"435\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/transmission-update.jpeg 600w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/transmission-update-150x131.jpeg 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/transmission-update-300x261.jpeg 300w\" sizes=\"(max-width: 500px) 100vw, 500px\" \/><\/p>\n<blockquote><p>Everyone running 2.90 on OS X should immediately upgrade to 2.91 or delete their copy of 2.90, as they may have downloaded a malware-infected file. Using \u201cActivity Monitor\u201d preinstalled in OS X, check whether any process named \u201ckernel_service\u201d is running. If so, double check the process, choose the \u201cOpen Files and Ports\u201d and check whether there is a file name like &#8220;\/Users\/\/Library\/kernel_service&#8221;. If so, the process is KeRanger\u2019s main process. We suggest terminating it with \u201cQuit -&gt; Force Quit<\/p><\/blockquote>\n<p>Apple has since revoked the abused certificate and updated XProtect anti-virus signature, and Transmission Project has removed the malicious installers from its website. Intego&#8217;s malware research team has also updated its <a href=\"https:\/\/www.intego.com\/antivirus-internet-security-x8\" target=\"_blank\">VirusBarrier anti-virus<\/a> definitions to detect\u00a0the ransomware, identified\u00a0as\u00a0<strong>OSX\/KeRanger<\/strong>.<\/p>\n<p>Quite how the Transmission installer package managed to become infected is as yet a mystery. One natural theory is that the attackers may have been able to exploit a security vulnerability on the website to update the binary, having recompiled its open source code after incorporating the malware.<\/p>\n<p>Reuters is <a title=\"Link to Reuters report\" href=\"http:\/\/www.reuters.com\/article\/us-apple-ransomware-idUSKCN0W80VX\" target=\"_blank\" rel=\"nofollow\">reporting<\/a> that this is the first time Mac users have been threatened by ransomware \u2014 which is a commonly encountered threat on Windows computers.<\/p>\n<p>However, that&#8217;s not quite telling the whole story. Ransomware has admittedly rarely reared its ugly head on the OS X platform, but security researchers have been warning that there is no technical reason why extortionists might not target users of Apple&#8217;s operating system just as they have on Windows.<\/p>\n<p>For instance, in 2014 researchers\u00a0warned of <a title=\"Link to Kaspersky blog post\" href=\"https:\/\/securelist.com\/blog\/research\/66760\/unfinished-ransomware-for-macos-x\/\" target=\"_blank\" rel=\"nofollow\">Mac ransomware called &#8220;FileCoder,&#8221;<\/a> which they described as &#8220;unfinished.&#8221; More recently, last November, researcher Rafael Salema Marques produced a functional proof of concept of ransomware that he called Mabouia.<\/p>\n<p><img loading=\"lazy\" class=\"aligncenter wp-image-51367\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/mabouia.jpeg\" alt=\"Mabouia proof of concept ransomware\" width=\"500\" height=\"366\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/mabouia.jpeg 600w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/mabouia-150x110.jpeg 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/mabouia-300x220.jpeg 300w\" sizes=\"(max-width: 500px) 100vw, 500px\" \/><\/p>\n<p>And two months earlier OS X security researcher Pedro Vila\u00e7a published the code of his own Mac ransomware as a warning of what was possible.<\/p>\n<p>Could this be the beginning of more ransomware attacks for Mac users? It would be a brave man who would bet against it.<\/p>\n<p>The fact is that ransomware has proven to be a successful way to extort money out of Windows users, and there is little doubt that online criminals will not be tempted to switch the threat to Mac users too \u2014 especially as there continue to be many Mac users who have fooled themselves into believing that they do not need to take basic security precautions, such as running Mac anti-virus software.<\/p>\n<p>It doesn&#8217;t matter if you are running Windows or OS X on your computer, the way to reduce the threat of ransomware blackmailing you for the safe return of your data is the same:<\/p>\n<ul>\n<li>Make regular backups of your important data, and keep them separate from your computer (to prevent the malware from trying to meddle with your backups too)<\/li>\n<li>Run up-to-date anti-virus software and keep your computer&#8217;s operating system and applications patched against the latest vulnerabilities.<\/li>\n<li>Always be suspicious of unsolicited links and attachments you are sent, and source your applications from reputable sources to reduce the chances that they have been tampered with.<\/li>\n<\/ul>\n<p>Of course, the final piece of advice is to stay on your guard.<\/p>\n<p>We know that criminals attempted to spread their OS X ransomware via a poisoned version of the Transmission app. What we don&#8217;t know is whether any other apps have been similarly meddled with, and it would be foolhardy to assume that whoever is behind this particular attack won&#8217;t try again, or won&#8217;t continue to develop their malware.<\/p>\n<p>Sadly it seems clear that ransomware has well and truly arrived for OS X.<\/p>\n<p><strong>Editor&#8217;s Update, March 7:\u00a0<\/strong>This post was originally published March 6, but we have updated it for clarity and conciseness.<\/p>\n<h3>How to\u00a0tell if\u00a0infected and remove the\u00a0ransomware<\/h3>\n<p><a href=\"https:\/\/www.intego.com\/antivirus-internet-security-x8\" target=\"_blank\">Intego VirusBarrier<\/a>\u00a0with up-to-date malware definitions detects and eradicates the ransomware as\u00a0<strong>OSX\/KeRanger<\/strong>. Of course, you may also choose to manually remove KeRanger\u00a0if your machine is infected.<\/p>\n<p>To do so,\u00a0check for this\u00a0existing process within Activity Monitor: <strong>kernel_service<\/strong>. (The infected process kernel_service starts when the Transmission app v2.90 is opened.)<\/p>\n<p><img loading=\"lazy\" class=\"aligncenter wp-image-51436\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/kernel_service-process.png\" alt=\"kernel_service process\" width=\"500\" height=\"316\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/kernel_service-process.png 963w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/kernel_service-process-150x95.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/kernel_service-process-300x189.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/kernel_service-process-657x415.png 657w\" sizes=\"(max-width: 500px) 100vw, 500px\" \/><\/p>\n<p>If this service is running, you must manually remove the ransomware as it will reload even if you force quit the service. If kerne_service is running, double-click it in order to see more information about the process, and then select the &#8220;<strong>Open Files and Ports<\/strong>&#8221; pane.<\/p>\n<p>In Open Files and Ports, check for the file name:<\/p>\n<p style=\"padding-left: 60px;\"><strong>\/Users\/&lt;username&gt;\/Library\/kernel_service<\/strong>.<\/p>\n<p>If that file exists, then you have found OSX\/KeRanger&#8217;s main process. Terminate the process using Quit &gt; Force Quit.<\/p>\n<p>Once you have force quit the process, use Spotlight to find out if any of the following files exist in the ~\/Library directory:<\/p>\n<ul>\n<li>.kernel_pid<\/li>\n<li>.kernel_time<\/li>\n<li>.kernel_complete<\/li>\n<li>.kernel_service<\/li>\n<\/ul>\n<p>If you see any of these files, delete them from your system.<\/p>\n<p>We also recommend Mac users check for any infected Transmission apps. To do so, open Terminal and enter the following commands<\/p>\n<pre>ls \/Applications\/Transmission.app\/Contents\/Resources\/General.rtf\r\n\r\nls \/Volumes\/Transmission\/Transmission.app\/Contents\/Resources\/General.rtf<\/pre>\n<p>If the Terminal returns file permission details for one of these files, you should delete the application immediately.<\/p>\n<p>Intego will continue to update this story as new information becomes available. Check back later for more details!<\/p>\n<h3><\/h3>\n","protected":false},"excerpt":{"rendered":"<p>Sadly it seems clear that ransomware has well and truly arrived for OS X.<\/p>\n","protected":false},"author":34,"featured_media":51373,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[190,151,5],"tags":[2815,86,2821,109,2818],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"Sadly it seems clear that ransomware has well and truly arrived for OS X.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Mac Users Hit by Rare Ransomware Attack, Spread via Transmission BitTorrent App - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"Sadly it seems clear that ransomware has well and truly arrived for OS X.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2016-03-07T05:51:05+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-10-07T19:23:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/transmission-400x260.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"260\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Graham Cluley\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/transmission-400x260.jpeg\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/transmission-400x260.jpeg\",\"width\":400,\"height\":260,\"caption\":\"Mac users hit by rare ransomware attack, spread via Transmission BitTorrent app\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/\",\"name\":\"Mac Users Hit by Rare Ransomware Attack, Spread via Transmission BitTorrent App - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/#primaryimage\"},\"datePublished\":\"2016-03-07T05:51:05+00:00\",\"dateModified\":\"2016-10-07T19:23:34+00:00\",\"description\":\"Sadly it seems clear that ransomware has well and truly arrived for OS X.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Mac Users Hit by Rare Ransomware Attack, Spread via Transmission BitTorrent App\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/4bb722788ecdbd86fde47a5cf256bde2\"},\"headline\":\"Mac Users Hit by Rare Ransomware Attack, Spread via Transmission BitTorrent App\",\"datePublished\":\"2016-03-07T05:51:05+00:00\",\"dateModified\":\"2016-10-07T19:23:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/#webpage\"},\"wordCount\":1185,\"commentCount\":3,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/transmission-400x260.jpeg\",\"keywords\":[\"KeRanger\",\"Malware\",\"OSX\/KeRanger\",\"Ransomware\",\"Transmission\"],\"articleSection\":[\"Malware\",\"Recommended\",\"Security News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/4bb722788ecdbd86fde47a5cf256bde2\",\"name\":\"Graham Cluley\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/aa9ea0686c5d1aa9086d4b12c3aa05f2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/aa9ea0686c5d1aa9086d4b12c3aa05f2?s=96&d=mm&r=g\",\"caption\":\"Graham Cluley\"},\"description\":\"Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the \\\"10 Greatest Britons in IT History\\\" for his contribution as a leading authority in internet security. Follow him on Twitter at @gcluley.\",\"sameAs\":[\"https:\/\/grahamcluley.com\/\"],\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/graham-cluley\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"Sadly it seems clear that ransomware has well and truly arrived for OS X.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/","og_locale":"en_US","og_type":"article","og_title":"Mac Users Hit by Rare Ransomware Attack, Spread via Transmission BitTorrent App - The Mac Security Blog","og_description":"Sadly it seems clear that ransomware has well and truly arrived for OS X.","og_url":"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/","og_site_name":"The Mac Security Blog","article_published_time":"2016-03-07T05:51:05+00:00","article_modified_time":"2016-10-07T19:23:34+00:00","og_image":[{"width":400,"height":260,"url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/transmission-400x260.jpeg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"Graham Cluley","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/transmission-400x260.jpeg","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/transmission-400x260.jpeg","width":400,"height":260,"caption":"Mac users hit by rare ransomware attack, spread via Transmission BitTorrent app"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/","name":"Mac Users Hit by Rare Ransomware Attack, Spread via Transmission BitTorrent App - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/#primaryimage"},"datePublished":"2016-03-07T05:51:05+00:00","dateModified":"2016-10-07T19:23:34+00:00","description":"Sadly it seems clear that ransomware has well and truly arrived for OS X.","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"Mac Users Hit by Rare Ransomware Attack, Spread via Transmission BitTorrent App"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/4bb722788ecdbd86fde47a5cf256bde2"},"headline":"Mac Users Hit by Rare Ransomware Attack, Spread via Transmission BitTorrent App","datePublished":"2016-03-07T05:51:05+00:00","dateModified":"2016-10-07T19:23:34+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/#webpage"},"wordCount":1185,"commentCount":3,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/transmission-400x260.jpeg","keywords":["KeRanger","Malware","OSX\/KeRanger","Ransomware","Transmission"],"articleSection":["Malware","Recommended","Security News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/4bb722788ecdbd86fde47a5cf256bde2","name":"Graham Cluley","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/aa9ea0686c5d1aa9086d4b12c3aa05f2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa9ea0686c5d1aa9086d4b12c3aa05f2?s=96&d=mm&r=g","caption":"Graham Cluley"},"description":"Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the \"10 Greatest Britons in IT History\" for his contribution as a leading authority in internet security. Follow him on Twitter at @gcluley.","sameAs":["https:\/\/grahamcluley.com\/"],"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/graham-cluley\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/transmission-400x260.jpeg","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-dmj","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/51355"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/34"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=51355"}],"version-history":[{"count":16,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/51355\/revisions"}],"predecessor-version":[{"id":51538,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/51355\/revisions\/51538"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/51373"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=51355"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=51355"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=51355"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}