All Posts by Date or last 15, 30, 90 or 180 days.
also by Lloyd: diglloyd.com photography and WindInMyFace.com
Thank you for purchasing through links and ads on this site.
OWC / MacSales.com...
diglloyd Deal Finder...
Buy other stuff at Amazon.com...
Up to 1527MB/s sustained performance
Handpicked deals...
$750 $750
SAVE $0

$950 $950
SAVE $0

$470 $300
SAVE $170

$4499 $2999
SAVE $1500

$200 $165
SAVE $35

$398 $248
SAVE $150

$4999 $4499
SAVE $500

$2199 $1999
SAVE $200

$2799 $2349
SAVE $450

$120 $120
SAVE $0

$3099 $2499
SAVE $600

$1998 $1298
SAVE $700

$249 $149
SAVE $100

$100 $60
SAVE $40

$2844 $2297
SAVE $547

$1099 $1019
SAVE $80

$899 $530
SAVE $369

$1199 $1099
SAVE $100

$1999 $1379
SAVE $620

$999 $949
SAVE $50

OS X Malware: Ransomware Encrypts Data, Demands Payment to Recover

Various sites including MacRumors and Reuters: Apple users targeted in first known Mac ransomware campaign are reporting that BitTorrent client software “Transmission” for OS X was compromised such that malware was included in version 2.90.

Ransomware is a type of malware that encrypts data, demanding payment for decryption. Bad enough for personal data, but such malware could destroy a business because of the cost of the ransom. Long a problem on Windows PCs, this latest shows that OS X is not immune.

The malware was apparentely inserted and the software was signed by an APPLE-APPROVED KEY (since revoked), showing that a signed app not a security guarantee. With many thousands of developers, there are plenty of targets to compromise for hackers; obtain that Apple-approved cryptographic key and it’s smooth sailing. Once signed, OS X will happily trust the app. While Apple revoked the key in this case, it took several days, which is little solace to anyone infected.

Which brings us to key points for safe computing:

  • First and foremost, install only the absolute minimum software required for your needs. Each additional software program entails additional risk, should its developer be compromised. Play the odds by minimizing such risks.
  • Backup your data, cycling between multiple backup (a day, a week, a month, or similar), so in the worst case the infected computer can be quarantined and data restored onto a different computer.
  • Delay most software updates for a week or two, just in case an exploit like this one occurs. Exceptions include Apple OS X security updates.
  • “Free” copies of commercial software are extremely high risk. For example, downloading Photoshop from anywhere but Adobe is not only theft, but likely to infect your machine with malware (sooner or later).

Chris C writes:

Have you experience with media such as 128GB Blu-ray (for sale at OWC)? I am surprised I have not seen you mention more about this. Or maybe I should not be. Granted it is an initially inconvenient solution, but could be an important safety for protecting both work products (data, photos, publications, etc.) and precious family data (photographs).

MPG regularly discusses the importance of backups, backup strategies, cloning drives, etc. While I have a robust backup system, including backup drives in my home, at my bank’s safety deposit box, and even across the country at a relative’s home, these are all hard drives. My concern is these are mechanical, easily alterable, living media. If a virus or ransomware infects a drive, it could infect them all if I am not careful. Sandboxing a drive is one solution, but also limited with changing technologies.

Can you comment on the use of burning discs, say once a year, to create a more stable medium, insulated from such potential malware? I have terabytes of data, so the this would be volumed, but better than nothing, and better than small DVDs.

MPG: Chris makes a very good point: archival write-once media are immune to ransomware schemes. See my 2015 post Archiving Images and Data.

The OWC 128GB BluRay that Chris refers to uses quad-layer disks to achieve its capacity. MPG has no direct experience with it, but it makes a lot of sense to archive key data on a regular basis. Originals such as images fit well with this scheme; dynamically changing things like an Adobe Lightroom catalog change constantly but can still be burned regularly, along with other key data.


MacPerformanceGuide.com
View all handpicked deals...

Samsung Galaxy Note10 SM-N970U 256GB Smartphone (Unlocked, Aura Black)
$950 $950
SAVE $0

diglloyd.com | Terms of Use | PRIVACY POLICY
Contact | About Lloyd Chambers | Consulting | Photo Tours
Mailing Lists | RSS Feeds | Twitter
Copyright © 2019 diglloyd Inc, all rights reserved.
Display info: __RETINA_INFO_STATUS__