Apple Ransomware Case: What It Means

Apple users just got some bad news: The first successful ransomware attack against Macintosh computers was discovered this past weekend. It certainly won’t be the last. And online crooks have been targeting Windows machines this way for years. Whether you use a Mac or a PC, here’s what you need to know about this attack, and how to protect yourself.

What is ransomware?

Ransomware is a form of malware designed to extract money from individuals and small businesses by holding their data hostage. Imagine coming home to find a big padlock on your front door and a criminal standing next to it, demanding money to let you in. That's ransomware. Only instead of being locked out of your house, you're locked out of all your personal files. The next time you log on, your computer displays a ransom note saying your data has been encrypted, with instructions on how to pay to unlock it. 

Can cybercrooks really make money doing this?

Oh, yes. Ransomware is big business. Individual ransoms can range from $200 to $10,000, according to the FBI's Internet Crime Complaint Center, usually paid in the 'virtual' currency Bitcoin, which is nearly impossible to trace. The longer you wait to pay, the higher the ransom becomes. The most common ransomware, CryptoWall 3, infected more than 400,000 machines in 2015, costing users $325 million in ransom and damages, according to a report by the Cyber Threat Alliance.

Why is this particular ransomware attack significant?

Because it's the first piece of ransomware to successfully target Apple computers. Nearly all malware affects Windows machines. In part that's because Windows software has traditionally been more vulnerable than Macintosh software, but it’s mostly because Windows software is a much bigger target; Windows PCs outnumber Macs by more than 9 to 1. From now on, though, Apple users must face the fact that their machines are at risk, too.

How do you get infected?

Most ransomware infections happen when a user is lured by a bogus “phishing” email to a site that infects their computer, or clicks on an attached file that secretly installs the malware. In this case, however, Mac users got infected when they installed a piece of software called Transmission 2.90, which allows them to download large files using BitTorrent's peer-to-peer file sharing protocol. Approximately 6500 copies of the infected software were downloaded before the problem was detected—a small number in the world of malware.

How did this happen?

It's unclear. But it's possible cyber crooks hacked Transmission's Web site and replaced the good version of its software with an infected one, according to researchers at the security firm Palo Alto Networks, which discovered the problem. Apple issues certificates to software developers, which the Macintosh operating system then checks before it allows users to install the software – like a bouncer checking your ID at the door. After being notified by Palo Alto about the ransomware, Apple revoked Transmission's certificate. Transmission has since issued a clean version (2.92) of its software that removes the infected one.

How can you avoid having your data taken hostage?

You avoid ransomware the same way you avoid any malware infection: By being careful. In this particular case, that wasn't so easy. Users thought they were upgrading software they trusted. But there are things you can do to steer clear of problems. Don’t casually click a link inside an email; instead, type the Web address directly into your browser. Never open an attachment unless you were expecting to receive it and you're certain of what it is. Don't spend time in the disreputable corners of the Internet that specialize in risqué content or pirated movies; you can get infected simply by visiting a dodgy site. Never install software just because a Web site tells you to do it. And always keep a backup copy of all your personal files on a separate drive or an Internet-based backup system, like SOS Online Backup, iDrive, or Backblaze. That way, if the worst happens, you'll always have access to your most important data—cybercrooks be damned.

Copyright © 2005-2016 Consumers Union of U.S., Inc. No reproduction, in whole or in part, without written permission. Consumer Reports has no relationship with any advertisers on this site.