Tech Tips Home
The Best Tech Tips And Daily Deals
Newsletter On The Internet!

WorldStart Tech Tip And Store Search
Email: Password: Login Remember Me
looking for freeware

Like what you see here? Subscribe to the Tech Tips newsletter!   Email: Subscribe

Ransomware Attack Targets Macs

Monday, March 21st, 2016 by | Filed Under: Mac OS, Security Help

A ransomware attack targeted at Mac computers managed to affect more than 6,000 machines. That may not seem like a huge number of computers when compared to to massive attacks against some Windows machines, but it is significant. It means that Macs are on the radar of those who create ransomware, and this certainly won’t be the last attack.


The ransomware is called KeRanger. It locked up files and then demanded around $400 to unlock them.

The malware made its way onto Macs through the Transmission BitTorrent client ( a bitTorrent client allows you to distribute large files peer-to-peer).  The attackers managed to infect the installers for Transmission 2.9.


This malware had a valid Mac app developer certificate, so it was able to bypass Apple security.  If you were to install the program, it would wait for three days to strike. The malware could then begin to encrypt document and data files on your Mac. Then you would see a screen demanding that you pay around $400 to have access to your own files.  Among the files encrypted by this ransomware are documents, images, audio, music, archived files and e-mail.


Security researchers at Palo Alto Networks say they also see signs that the malware tries to encrypt the Mac’s Time Machine backup to prevent you from recovering your data.

Since Transmission is an open-source project, it appears hackers may have hacked Transmission website and replaced their original files with malicious versions.

Fortunately, this issue was discovered pretty quickly. Transmission developers removed the files and Apple revoked the security certificate for the program.

If you happened to download Transmission installer on or before March 5, it’s suggested you perform the following security checks.

Using either Terminal or Finder, check whether /Applications/ General.rtf or /Volumes/Transmission/ General.rtf exist. If any of these exist, the Transmission application is infected and we suggest deleting this version of Transmission.

Using “Activity Monitor” preinstalled in OS X, check whether any process named “kernel_service” is running. If so, double check the process, choose the “Open Files and Ports” and check whether there is a file name like “/Users//Library/kernel_service” (Figure 12). If so, the process is KeRanger’s main process. We suggest terminating it with “Quit -> Force Quit”.

After these steps, we also recommend users check whether the files “.kernel_pid”, “.kernel_time”, “.kernel_complete” or “kernel_service” existing in ~/Library directory. If so, you should delete them.

~ Cynthia

Tags: , , , , , ,

One Response to “Ransomware Attack Targets Macs”

  1. Ken Roberts says:

    Tera byte external hard drives are available for a small amount to keep all the files you have on it . That way you can wipe your hard drive clean and reinstall windows or in this case your mac windows . Google gives cloud space to put pictures and files so does Microsoft . after reinstalling windows you just go get your files and go get your files or leave them on the cloud or on the external for safe keeping. I started saving all my new files to my external .

Leave a Reply

Like these tips? Get them for FREE in your email!

WorldStart's Tech Tips Newsletter

  • Tech Tips Daily - Become a tech pro! Get the very best tech and computer help sent directly to your email every weekday!

  • Tech Tips Weekly - If you don't want our Tech Tips newsletter every day, then sign up for this weekly newsletter to get the best information of the week. Sent on Fridays.

Other Newsletters

  • WorldStart's Daily Deals - Every week, we send out great deals in our Daily Deals newsletter. Many of these deals are exclusively for our Daily Deals newsletter subscribers and can't be found with our regular specials.

  • Just For Grins - Each issue includes a couple clean jokes, some funny quotes, and a hilarious reader's story. Newsletter is sent five days a week.

Enter Email Address:


Your e-mail address is safe with us!
We only use it to send you the newsletters you request. It is NEVER disclosed to a third party for any reason, ever! Plus, if you decided you don't like our newsletters (don't worry, you'll love them), unsubscribing is fast and easy.

Free Newsletter Signup

Tech Tips Daily

Become a tech pro! Get the very best tech and computer help sent directly to your email every weekday!

Tech Tips Weekly

The week's best in tech and computer help. Get your issue sent to your email every Friday!

WorldStart's Daily Deals

The very best deals on the Internet! Get a new set of incredible sales every day of the week!

Just For Grins

Clean jokes, funny quotes, and hilarious comics. Sent 5 times a week straight to your email.


Love Worldstart? Refer A Friend!

looking for freeware
WorldStart's Premium Membership

Tip Archive