A report from security firm Palo Alto Networks has the paranoid corners of the internet freaking out today: the first fully functional ransomware has been found screwing up people’s Macs. But put down the emergency whiskey, and don’t panic just yet.
The news that ransomware has come to OS X isn’t good. Ransomware is a particularly nasty type of virus, which infects your computer, encrypts all your files, and then demands a monetary ransom to be paid to some mystery hacker, in return for unlocking your files. It’s been plaguing Windows users and hospitals (not mutually exclusive) for several years, so the fact that it’s spread to OS X in any form is indeed bad.
But before you go burn your electronics and move to a Faraday-caged cave, it’s worth looking at the details. The ransomware was found in the latest version of Transmission, an open-source torrenting client. It’s unclear exactly how the virus got there—someone hacking the project’s website, perhaps—but the upshot is that anyone who downloaded Transmission on Friday morning also downloaded a virus. That virus lies dormant for three days before using a Tor client to connect to a server on the internet and start locking vulnerable files. A ransom of one bitcoin (around $400) is demanded.
Sounds bad! But here’s the good news: it’s an incredibly limited attack vector, which relies on a series of unusual circumstances and is easily detected. Users had to explicitly download and run an app in order to be affected; it’s not as simple as opening a bad email attachment or clicking the wrong thing in a browser.