KeRanger Ransomware Bombarded on Mac – Know How To Remove


Nowadays, ransomware is a thriving and worrying threat. Recently a ransomware strain attacked a high-profile hospital, and Apple devices are no longer exempt. KeRanger, a new and dangerous piece of ransomware, is positioned to infect a large number of Mac owners: on March 4 it was found inside the installer of the Transmission BitTorrent client for OS X. Security experts are not sure how the Transmission installer got infected; two possibilities have been suggested: either the official site was compromised, or the installer file was replaced with a recompiled malicious version. KeRanger does not need root access, because its aim is not to take over the system. Its goal is to encrypt the user's files, including photographs, spreadsheets and invoices, and then sell them back to the victim.

Once loaded on the system, KeRanger waits three days, then starts encrypting documents and files. It targets around 300 different file extensions, ranging from .doc to .mp3, .jpg and .txt. Victims are then told they can regain access to their files by paying one bitcoin, a little over US$400 at the time.

Source – http://www.lifehacker.com.au/2016/03/how-to-remove-keranger-ransomware-from-your-mac/

How does KeRanger work?

It has been reported that KeRanger was signed with a valid Mac developer certificate (issued to a different developer than Transmission's own), which let it bypass the protections of Apple's Gatekeeper. The malicious Transmission 2.90 installer could be distinguished from the genuine one by an extra "General.rtf" file, which looks like an ordinary .RTF document but is actually a Mach-O executable in disguise; when the user opened the app, the malware was copied onto the system without the user noticing. Once copied and installed, KeRanger lies dormant for three days. Since the infected installer appeared on March 4th, it will begin activating on users' machines on Monday, March 7th unless it is fully removed. When it activates, it encrypts files across the user's Mac and "holds them for ransom".

One of the Mac users says –

One week ago, my PC was hacked. It caused corruption of all my personal and official files, including photos, videos and many more. I even lost some of my important data. I searched a lot to recover my lost photos and videos but didn't find any useful tool. Then, after a few days, I got a skillful and professional tool which performs recovery of deleted photos effectively with great ease.

How Dangerous Is This?

KeRanger does not affect everyone who uses the Transmission app. It only affects users who downloaded version 2.90 of the app from the Transmission website and installed it on their Macs between 11:00 A.M. PST on March 4th and 7:00 P.M. PST on March 5th.

This version is known to have been bundled with the KeRanger ransomware by as-yet unidentified attackers, although it is not completely understood how it got there. Speculation puts the blame on a breach of the website's security, with a tampered installer placed on the site shortly afterwards.

How To Check A Mac For KeRanger Ransomware And Remove It?

1) Using Terminal or Finder, check whether either of these files exists: /Applications/Transmission.app/Contents/Resources/General.rtf or /Volumes/Transmission/Transmission.app/Contents/Resources/General.rtf. If either exists, that copy of Transmission is infected and you must delete it and reinstall a clean version.

2) Using "Activity Monitor", which is preinstalled in OS X, check whether a process named "kernel_service" is running. If so, double-click the process, choose "Open Files and Ports" and check whether it has a file open with a name like "/Users/<username>/Library/kernel_service". If it does, the process is KeRanger's main process, and we suggest terminating it with "Quit -> Force Quit".

3) After these steps, we also recommend checking whether any of the files ".kernel_pid", ".kernel_time", ".kernel_complete" or "kernel_service" exist in your ~/Library directory. If they do, delete them.
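The three checks above can be run from Terminal in one go. The following POSIX shell script is an added example written for this page; it is not code from the original article, from the Transmission project or from Apple. It uses only the paths and file names listed above; the script name keranger_check.sh and the helper function names are my own. The magic-number test is what makes the General.rtf check meaningful: a real RTF document starts with the text "{\rtf", whereas KeRanger's General.rtf is a Mach-O executable, so its first four bytes are a Mach-O or fat-binary magic number.

```shell
#!/bin/sh
# keranger_check.sh: read-only check for the KeRanger indicators described
# in the article. Added example, not the original article's or Transmission's code.
# Usage: sh keranger_check.sh   (exit status 1 if any indicator is found)

# Return 0 if the file at $1 starts with a Mach-O or fat-binary magic number.
# Both byte orders are listed because the magic is written in the CPU's
# endianness (MH_MAGIC 0xfeedface, MH_MAGIC_64 0xfeedfacf, FAT_MAGIC 0xcafebabe).
is_macho() {
    [ -f "$1" ] || return 1
    magic=$(od -A n -N 4 -t x1 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        feedface|cefaedfe|feedfacf|cffaedfe|cafebabe|bebafeca) return 0 ;;
        *) return 1 ;;
    esac
}

# Step 1: look for General.rtf inside each app bundle given as an argument.
# Prints one line per finding; returns 1 if anything was found, else 0.
check_general_rtf() {
    found=0
    for app in "$@"; do
        f="$app/Contents/Resources/General.rtf"
        if [ -f "$f" ]; then
            if is_macho "$f"; then
                echo "INFECTED: $f is a Mach-O executable, not an RTF document"
            else
                echo "SUSPICIOUS: $f exists; a clean Transmission does not ship it"
            fi
            found=1
        fi
    done
    return $found
}

# Step 2: the Activity Monitor check, done from the shell with pgrep.
# Returns 0 if a kernel_service process is running, else 1.
check_process() {
    pids=$(pgrep -x kernel_service 2>/dev/null || true)
    if [ -n "$pids" ]; then
        echo "RUNNING: kernel_service pid(s) $pids; inspect with: lsof -p <pid>"
        return 0
    fi
    return 1
}

# Step 3: list KeRanger's dropped files under the Library directory given as $1.
# Prints one line per file that exists; always returns 0.
check_library_artifacts() {
    lib="$1"
    for name in .kernel_pid .kernel_time .kernel_complete kernel_service; do
        [ -e "$lib/$name" ] && echo "ARTIFACT: $lib/$name"
    done
    return 0
}

main() {
    rc=0
    check_general_rtf /Applications/Transmission.app \
                      /Volumes/Transmission/Transmission.app || rc=1
    check_process && rc=1
    artifacts=$(check_library_artifacts "$HOME/Library")
    if [ -n "$artifacts" ]; then
        echo "$artifacts"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "No KeRanger indicators found"
    return $rc
}

# Run the checks only when executed as keranger_check.sh, so the functions
# can also be sourced into another script.
[ "$(basename "$0")" = "keranger_check.sh" ] && main
```

The script only reports; removal is still the manual steps above (delete the infected Transmission copy, force-quit kernel_service, delete the files under ~/Library). Note that the magic-number test is the only robust part of step 1: the attackers could have named the planted executable anything, so a .rtf (or any document) whose first bytes are a Mach-O magic number deserves the same treatment wherever it sits.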

For more info, visit this site – http://www.ibtimes.com/remove-mac-ransomware-how-tell-if-youre-infected-keranger-recovery-steps-2331522