First is a story from c|net, a top-notch source for technology news, reporting the first instance of fully functional “ransomware” that attacks Macintosh computers being found “in the wild.”
Since I like to say “we speak human,” let me unpack those computerese terms.
“Ransomware” is software that scrambles (encrypts) your files, and the criminals behind the software demand you pay a ransom to get your files unscrambled. The encryption is strong enough that it’s effectively impossible to unscramble the files without the key held by the criminals. The scrambled files are useless.
“In the wild” means that the ransomware has been discovered circulating on the Internet, not just among security experts. In other words, you could become a victim.
Until now, ransomware was designed to attack Windows computers. With Windows running nearly 90% of all computers, versus about 5% for Macintosh, criminals generally haven’t felt it was worth their while to write software that attacks Macs.
C|net’s Claire Reilly was a bit sensationalist in starting off her report with, “Sorry, Mac fans. Now you're no better off than regular old PC users.” One ransomware program is nothing compared to the thousands upon thousands of malicious programs unleashed upon Windows. Still, the amount of damage that could be done by the Mac ransomware program, nicknamed KeRanger, is substantial: There were signs that a new version under development would also scramble users’ Time Machine backup files, leaving them with only two options: Lose everything, or pay the $400 ransom.
If you have Mac computers, you are unlikely to be infected though, because it appears KeRanger was circulated via a corrupted version of a program called Transmission that was available for download only on March 4 and 5. The Transmission team removed the infected software from their site soon after it was placed there, and within days, Apple made changes that automatically prevented KeRanger from running on Macs. (This was an instance where Apple could block the malicious software without users needing to do anything; often, it’s necessary to update your system software to close security holes.)
Although KeRanger surfaced six months ago, it has popped up in technical news lately along with another recent report, this one about software that can see and record everything on an Apple iPhone. An Israeli firm, the NSO Group, sells that software. With a price tag of $650,000, NSO’s spyware has been bought by governments around the world. It came to light last month when attackers tried to install it on the iPhone of a human-rights activist in the United Arab Emirates and on the iPhone of a Mexican journalist who wrote about government corruption.
You may not be a human-rights activist in a country where you legitimately should fear your government, but that doesn’t mean you’re immune. A price tag of $650,000 isn’t too high for a criminal enterprise that wants to steal credit-card information or bank log-ins.
Two computer-security operations, Citizen Lab and Lookout, figured out how NSO is able to infect iPhones and alerted Apple, which patched the vulnerabilities in its update to iOS 9.3.5. As Lookout* writes, “All individuals should update to the latest version of iOS immediately. If you’re unsure what version you’re running, you can check Settings > General > About > Version.” This is a case where you may need to take action to keep your device safe. (*I have used Lookout software for a few years now.)
The lessons here:
- Never click links in text messages or e-mails unless you are expecting that information, even if the message looks like it comes from someone you know and trust. The “from” line of a message can be faked (“spoofed”). To visit a Web site you trust, type its address into your browser rather than clicking a link in a message; links in e-mail can be made to disguise their true destinations.
- Keep your software updated, especially system software (for example, Mac OS, Windows, or Linux on your computer; iOS, Android, or Blackberry OS on your phone).
- If you suspect your device may be infected — it slows down dramatically or behaves in other unexpected ways — you might want to have an expert check it out. I am happy to do a security scan, as are most computer repair and service providers. However, don’t trust a Web site to do such a scan unless you confirm it’s legit (I can point you to trustworthy sites); some sites masquerade as security scans, but use the access you grant them to actually install malicious code.
Bottom line: When in doubt, check it out.