KeRanger Ransomware

As I am sure you have heard, the first recorded fully functional ransomware affecting OS X has been discovered. Dubbed “KeRanger” by Palo Alto Networks (giving credit where credit is due, they discovered this infection in the wild), it behaves much like its Windows counterparts. While the soapbox may have been lowered for some of my Mac-loving peers, this shouldn’t come as much of a surprise to anyone; it was bound to happen.

What is KeRanger, and how did the ransomware work?

Hackers compromised a version of Transmission, an open source peer-to-peer sharing app. The attackers then placed the compromised version back on the company’s website (how, no one knows), and for a short time users were downloading the infected installer. Once the infected Transmission application was installed, an embedded executable was placed on the system. KeRanger then waited for three days before connecting with command and control (C2) servers over the Tor anonymizer network. The malware then began encrypting certain types of document and data files on the system. After completing the encryption process, KeRanger demanded that victims pay one Bitcoin.

How can BeyondTrust prevent ransomware like KeRanger?

As a security company, we don’t rejoice when these stories hit the news. We do, however, plan for them. This, as well as other security-related items, is what we have protected companies against for over three decades, and it is why we released the first graphical solution to control application rights on Mac OS X platforms. PowerBroker for Mac addresses the challenges of maintaining a least privilege model on the OS X operating system. The software tracks and controls the privilege level of applications in use within your organization. This includes application control to stop untrusted applications from launching, applications like the one involved in this infection. To put this more clearly, the malware would have been denied. And to me, that sounds a heck of a lot better than surfing the dark web or figuring out how to buy a Bitcoin.

If you want to learn more about how to protect your Mac desktops from threats like these, check out the white paper, Closing the Privilege Gap on Mac Desktops, or contact us today!