Various sites, including MacRumors and Reuters ("Apple users targeted in first known Mac ransomware campaign"), are reporting that the BitTorrent client software “Transmission” for OS X was compromised such that malware was included in version 2.90.
Ransomware is a type of malware that encrypts data and demands payment for decryption. That is bad enough for personal data, but such malware could destroy a business because of the cost of the ransom. Ransomware has long been a problem on Windows PCs; this latest incident shows that OS X is not immune.
The malware was apparently inserted and the software was signed by an APPLE-APPROVED KEY (since revoked), showing that a signed app is not a security guarantee. With many thousands of developers, hackers have plenty of targets to compromise; obtain that Apple-approved cryptographic key and it’s smooth sailing. Once the app is signed, OS X will happily trust it. While Apple revoked the key in this case, it took several days, which is little solace to anyone infected.
Which brings us to key points for safe computing:
- First and foremost, install only the absolute minimum software required for your needs. Each additional software program entails additional risk, should its developer be compromised. Play the odds by minimizing such risks.
- Back up your data, cycling between multiple backups (a day, a week, a month, or similar), so that in the worst case the infected computer can be quarantined and the data restored onto a different computer.
- Delay most software updates for a week or two, just in case an exploit like this one occurs. Exceptions include Apple OS X security updates.
- “Free” copies of commercial software are extremely high risk. For example, downloading Photoshop from anywhere but Adobe is not only theft, but likely to infect your machine with malware (sooner or later).
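The backup-cycling point above, as an added example that is not part of the original post: it compares a daily-only rotation with a daily/weekly/monthly one when an infection goes unnoticed for two weeks. The tier sizes, dates and function names are assumptions, and any snapshot taken before the infection date is assumed clean.

```python
from datetime import date, timedelta

def rotation_keep(snapshots, today, daily=7, weekly=4, monthly=6):
    """Snapshot dates retained by a daily/weekly/monthly rotation (tier sizes are assumptions)."""
    snaps = sorted(snapshots, reverse=True)          # newest first
    # Daily tier: every snapshot taken within the last `daily` days.
    keep = {s for s in snaps if 0 <= (today - s).days < daily}
    # Weekly and monthly tiers: the newest snapshot of each of the most recent N periods.
    for period_of, limit in ((lambda s: tuple(s.isocalendar())[:2], weekly),
                             (lambda s: (s.year, s.month), monthly)):
        newest = {}
        for s in snaps:
            newest.setdefault(period_of(s), s)       # first hit is the newest in that period
        keep.update(sorted(newest.values(), reverse=True)[:limit])
    return sorted(keep)

def newest_clean(kept, infected_on):
    """Newest retained snapshot taken before the infection date, or None if none survives."""
    clean = [s for s in kept if s < infected_on]
    return max(clean) if clean else None

# Constructed scenario: one snapshot per day for 60 days; the machine is infected on
# INFECTED_ON but the problem is only noticed on TODAY, 15 days later.
TODAY = date(2016, 3, 20)
INFECTED_ON = date(2016, 3, 5)
SNAPSHOTS = [TODAY - timedelta(days=n) for n in range(60)]

if __name__ == "__main__":
    for label, tiers in (("daily only", dict(daily=7, weekly=0, monthly=0)),
                         ("daily + weekly + monthly", dict(daily=7, weekly=4, monthly=6))):
        kept = rotation_keep(SNAPSHOTS, TODAY, **tiers)
        print(f"{label}: {len(kept)} snapshots kept, "
              f"newest clean = {newest_clean(kept, INFECTED_ON)}")
```

With only a week of daily backups, every retained copy postdates the infection; the weekly and monthly tiers are what leave a restorable copy.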
Chris C writes:
Have you experience with media such as 128GB Blu-ray (for sale at OWC)? I am surprised I have not seen you mention more about this. Or maybe I should not be. Granted it is an initially inconvenient solution, but could be an important safety for protecting both work products (data, photos, publications, etc.) and precious family data (photographs).
MPG regularly discusses the importance of backups, backup strategies, cloning drives, etc. While I have a robust backup system, including backup drives in my home, at my bank’s safety deposit box, and even across the country at a relative’s home, these are all hard drives. My concern is these are mechanical, easily alterable, living media. If a virus or ransomware infects a drive, it could infect them all if I am not careful. Sandboxing a drive is one solution, but also limited with changing technologies.
Can you comment on the use of burning discs, say once a year, to create a more stable medium, insulated from such potential malware? I have terabytes of data, so this would be volumed, but better than nothing, and better than small DVDs.
MPG: Chris makes a very good point: archival write-once media are immune to ransomware schemes. See my 2015 post Archiving Images and Data.
The OWC 128GB Blu-ray that Chris refers to uses quad-layer discs to achieve its capacity. MPG has no direct experience with it, but it makes a lot of sense to archive key data on a regular basis. Originals such as images fit well with this scheme; things like an Adobe Lightroom catalog change constantly but can still be burned regularly, along with other key data.