First Mac-targeting ransomware hits Transmission users, researchers say


Userlevel 7
Badge +54

Rogue copy of BitTorrent client results in KeRanger install, which demands 1 bitcoin.

by Cyrus Farivar - Mar 6, 2016
 
A security research firm announced Sunday its discovery of what is believed to be the world’s first ransomware that specifically goes after OS X machines.
 
"This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom," Ryan Olson, of Palo Alto Networks, told Reuters.
 
The KeRanger malware, which imposes a 72-hour lockout window unless the victim pays 1 bitcoin ($410 as of this writing), appears to have been first discovered via a rogue version of Transmission, a popular BitTorrent client.
 
Full Article

21 replies

Userlevel 7
Badge +54
This is an updated article.
 

First Fully Functional Mac Ransomware Spread via Transmission BitTorrent Client

 
Mar 6, 2016 22:25 GMT  ·  By Catalin Cimpanu
 
Apple has neutralized KeRanger, for the moment
 
Researchers that looked at the ransomware's source code are also saying that KeRanger includes unfinished features which in future versions will also target and encrypt Time Machine files, making it impossible to recover files from older system backups.
 
Additionally, another unfinished feature would allow attackers to run commands on infected computers, making KeRanger a ransomware and a backdoor malware at the same time.
 
KeRanger was also using a stolen certificate to sign its code, which allowed it to bypass Apple's GateKeeper protection system. Apple has revoked the certificate in the meantime and has also updated the XProtect antivirus signature to protect future victims from getting infected with this threat.
 
On the other hand, the Transmission open-source project has removed the malicious binaries from their site and have also issued a new version of their Mac client, version 2.91.
 
Full Article
Userlevel 7
I've found this thread interesting and informative and appreciate the insight on the workings of ransomware.
Userlevel 7
Badge +62
Scary indeed. This reminds me of ? Blog about Malware/Ransomware being in the wild.
 
 
It's good that Apple has revoked that certificate to protect future victims from getting infected. Getting past the GateKeeper is not good....:@
Userlevel 7
I have a fix for this ready to be pushed live, I just have to be in the office to actually push it. So I will have it pushed in the morning as soon as I get in. It's pretty easy to detect so we will be able to kill it quickly.
Userlevel 7
Badge +62
Boondabah!!! Never fear Devin is here! 😉
Userlevel 7
Badge +54
@ wrote:
I have a fix for this ready to be pushed live, I just have to be in the office to actually push it. So I will have it pushed in the morning as soon as I get in. It's pretty easy to detect so we will be able to kill it quickly.
Great work Devin, I hope you get paid for overtime 😉
Userlevel 7
By Mark Wilson
 
Ransomware is a growing problem, with businesses and individuals increasingly having their data encrypted and held to ransom. As with so many forms of malware, it has been PC users that have borne the brunt of attacks, but over the weekend it was Mac owners that were targeted by the KeRanger ransomware.
The malicious software first appeared on Friday and is said to be the first fully-functional example of ransomware aimed at Apple devices. KeRanger was found to be installed alongside the Transmission BitTorrent client, and while Apple has used its Gatekeeper security system to prevent further infections, if you have installed Transmission 2.90 there are steps you need to take to clean up your system.
As with other examples of ransomware, KeRanger encrypts files on infected systems and demands a ransom be paid to decrypt them -- in this instance the ransom was 1 Bitcoin. KeRanger was able to bypass Apple's Gatekeeper as it was signed with a valid Mac app development certificate. Palo Alto explains how it works:
 
full article
Userlevel 7
@ wrote:
@ wrote:
I have a fix for this ready to be pushed live, I just have to be in the office to actually push it. So I will have it pushed in the morning as soon as I get in. It's pretty easy to detect so we will be able to kill it quickly.
Great work Devin, I hope you get paid for overtime ;)
lol Salary...

Userlevel 7
Badge +54
@ wrote:
@ wrote:
@ wrote:
I have a fix for this ready to be pushed live, I just have to be in the office to actually push it. So I will have it pushed in the morning as soon as I get in. It's pretty easy to detect so we will be able to kill it quickly.
Great work Devin, I hope you get paid for overtime ;)
lol Salary...


I do live at work Devin, totally on the job but yes I am on a salary as well.
Userlevel 7
I wrote up a short blog about this and added some screenshots from me breaking it apart, James is going to post it later today.
 
Userlevel 7
Badge +62
Wonderful Devin! I am looking forward to reading this Blog! 😃
Userlevel 7
Badge +54
I am looking forward to seeing it Devin.
Userlevel 7
Badge +56
And here it is!

http://www.webroot.com/blog/2016/03/07/18611/
Userlevel 7
Badge +54
@ wrote:
And here it is!

http://www.webroot.com/blog/2016/03/07/18611/
Thank you Nic, I will take a look now.
Userlevel 7
Badge +62
@ wrote:
@ wrote:
And here it is!

http://www.webroot.com/blog/2016/03/07/18611/
Thank you Nic, I will take a look now.
Thanks Nic! I will look at this too! :D
Userlevel 7
Badge +62
? Superlative Blog. Very nicely done and informative and easy to understand.
 
Hopefully this will straighten out the idea that the Mac doesn't get Malware/Ransomware. This Blog should be on FB and Twitter...
 
Thank you Devin!:D
Userlevel 7
Badge +54
Zeljka Zorz - March 9, 2016
 
KeRanger, the recently discovered first functional Mac ransomware, is a copy of Linux Encoder, the crypto-ransomware first unearthed and analyzed in November 2015 by Dr. Web researchers.
 
"The encryption functions are identical and have the same names: encrypt_file, recursive_task, currentTimestamp and createDaemon to only mention a few. The encryption routine is identical to the one employed in Linux.Encoder," explained Catalin Cosoi, Chief Security Strategist at Bitdefender.
 
Full Article
Userlevel 7
@ wrote:
Zeljka Zorz - March 9, 2016
 
KeRanger, the recently discovered first functional Mac ransomware, is a copy of Linux Encoder, the crypto-ransomware first unearthed and analyzed in November 2015 by Dr. Web researchers.
 
"The encryption functions are identical and have the same names: encrypt_file, recursive_task, currentTimestamp and createDaemon to only mention a few. The encryption routine is identical to the one employed in Linux.Encoder," explained Catalin Cosoi, Chief Security Strategist at Bitdefender.
 
Full Article
This is a known issue. I would say 95% of all Crypto cases are just clones of another type of crypto. Most of the code for writing crypto software is open source and available to everyone that wants to google it. This is one of the reasons you find so many variants but they all have the same structure and do the exact same thing. We are working on a different process which should help stop copycats from building new variants with the same functions.
 
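As an added example (not from the thread or from Webroot), a small Python triage script that looks for the Linux.Encoder function names quoted above inside the printable strings of a binary and scores how much of that symbol set a sample exposes; the two sample byte blobs are constructed stand-ins for a symbol table, not real malware data:

```python
import re
from typing import Dict, List

# Function names Bitdefender reported as shared by KeRanger and Linux.Encoder
# (taken from the quote in the thread above).
LINUX_ENCODER_SYMBOLS = ("encrypt_file", "recursive_task",
                         "currentTimestamp", "createDaemon")

# Share of the known names that must be present before a sample is flagged.
REUSE_THRESHOLD = 0.75


def extract_strings(data: bytes, min_len: int = 6) -> List[str]:
    """Return runs of printable ASCII of at least min_len bytes (like `strings`)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def match_symbols(strs: List[str], wanted=LINUX_ENCODER_SYMBOLS) -> Dict[str, str]:
    """Map each wanted function name to the first extracted string containing it."""
    # Substring match: C symbols in a Mach-O symbol table carry a leading
    # underscore (e.g. '_encrypt_file'), so an exact compare would miss them.
    found = {}
    for name in wanted:
        for s in strs:
            if name in s:
                found[name] = s
                break
    return found


def code_reuse_report(data: bytes) -> dict:
    """Score how much of the Linux.Encoder symbol set a sample exposes."""
    found = match_symbols(extract_strings(data))
    ratio = len(found) / len(LINUX_ENCODER_SYMBOLS)
    return {
        "matched": sorted(found),
        "ratio": ratio,
        # A high ratio suggests code reuse worth a closer look, not a verdict:
        # the names are trivially renamed, so this is triage, not a signature.
        "flag": ratio >= REUSE_THRESHOLD,
    }


# Constructed stand-ins for a symbol table: one KeRanger-like, one benign.
SAMPLE_CLONE = (b"\x00_main\x00_encrypt_file\x00_recursive_task\x00"
                b"_currentTimestamp\x00_createDaemon\x00_exit\x00")
SAMPLE_BENIGN = b"\x00_main\x00_tr_sessionInit\x00_tr_torrentStart\x00_exit\x00"

if __name__ == "__main__":
    for label, blob in (("clone", SAMPLE_CLONE), ("benign", SAMPLE_BENIGN)):
        print(label, code_reuse_report(blob))
```

On a real file, read it in binary mode and pass the bytes to code_reuse_report; the score is only a pointer for an analyst, since a copycat that renames the functions will score zero.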
Userlevel 7
Badge +62
@ wrote:
@ wrote:
Zeljka Zorz - March 9, 2016
 
KeRanger, the recently discovered first functional Mac ransomware, is a copy of Linux Encoder, the crypto-ransomware first unearthed and analyzed in November 2015 by Dr. Web researchers.
 
"The encryption functions are identical and have the same names: encrypt_file, recursive_task, currentTimestamp and createDaemon to only mention a few. The encryption routine is identical to the one employed in Linux.Encoder," explained Catalin Cosoi, Chief Security Strategist at Bitdefender.
 
Full Article
This is a known issue. I would say 95% of all Crypto cases are just clones of another type of crypto. Most of the code for writing crypto software is open source and available to everyone that wants to google it. This is one of the reasons you find so many variants but they all have the same structure and do the exact same thing. We are working on a different process which should help stop copycats from building new variants with the same functions.
 
Hi Devin. It's good to know that you are on top of these copycats. That's interesting, knowing it's open source and thus easier for this to be resolved and taken care of. Cool!
Userlevel 7
Hidden Tear was on GitHub for a long time until it was forced down, but you can still contact the author for a copy of it.
https://github.com/utkusen/hidden-tear
 
Userlevel 7
Badge +54
@ wrote:
Hidden Tear was on GitHub for a long time until it was forced down, but you can still contact the author for a copy of it.
https://github.com/utkusen/hidden-tear
 
It is great to know you are working on how to stop copycats from building new variants.
However, it is wrong that Utku Sen, who developed Hidden Tear, is still giving it away, even though there will be enough copies of it in the hands of the bad boys (or girls ;)).