How To Defend Your Mac From Ransomware KeRanger

Early in March, researchers found ransomware targeting Mac users. BitTorrent software for Mac OS X was infected with the ransomware, which is named KeRanger.

Until now, FileCoder, found in 2014, was the only well-known ransomware aimed at Apple users; KeRanger is the second. The difference is that FileCoder was not mature when it was discovered, whereas KeRanger is said to be the first ransomware with complete functions.

Anyone who downloaded the BitTorrent client Transmission between 11 a.m. on March 4 and 5 p.m. on March 5, 2016, may be infected. Given how dangerous KeRanger is, what can Mac users do to safeguard their machines?

Those who downloaded Transmission through a third-party website before March should carry out the security check below.

  • Step 1: Search for the file named General.rtf.
    Open Finder, or launch the Terminal from Spotlight, and navigate to /Applications/ or, alternatively, /Volumes/ to check whether a General.rtf file exists. If it is found, completely uninstall Transmission at once.
  • Step 2: Check in the Activity Monitor on Mac OS X whether a process called Kernel_Service is running.
    You can press Command + Option + Escape to open the Activity Monitor. If the process is running, inspect it under Open Files and Ports to see whether there is a file stored in /Users/Library/Kernel_Service/.
    /Users/Library/Kernel_Service/ is the main file of KeRanger, so it is strongly recommended that you end the process by clicking Quit > Force Quit.
  • Step 3: Go to the ~/Library directory and look for the files .Kernel_pid, .kernel_time, .kernel_complete and .kernel_service. Trash any that you find.
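
Steps 1 to 3 above can also be run as a read-only check from the Terminal. This is an added example, not part of the original article; the function names, the script name keranger_check.sh, the --live switch and the search depth limit are assumptions, while the file and process names are the ones listed in the steps.

```shell
#!/bin/sh
# Read-only check for the indicators named in Steps 1-3. Nothing is deleted.
# ROOT and HOME_DIR are arguments so the same check can run against "/" and
# "$HOME" on a live Mac, or against a mounted backup or a constructed test tree.

# Step 1: print every General.rtf found under ROOT/Applications or ROOT/Volumes.
find_general_rtf() {
    root=${1%/}
    for dir in "$root/Applications" "$root/Volumes"; do
        if [ -d "$dir" ]; then
            # Depth limit (an assumption) keeps the scan of mounted volumes short.
            find "$dir" -maxdepth 5 -type f -name 'General.rtf' 2>/dev/null || true
        fi
    done
}

# Step 2: read process names on stdin (one per line, as `ps -A -o comm=` prints
# them) and print those whose last path component is Kernel_Service, any case.
match_kernel_service() {
    awk '{ n = split($0, part, "/")
           if (tolower(part[n]) == "kernel_service") print }'
}

# Step 3: print whichever of the four dotfiles exist in HOME_DIR/Library.
residue_files() {
    lib=${1%/}/Library
    for name in .Kernel_pid .kernel_time .kernel_complete .kernel_service; do
        if [ -e "$lib/$name" ]; then
            printf '%s\n' "$lib/$name"
        fi
    done
}

# Usage: ps -A -o comm= | keranger_check ROOT HOME_DIR
# Prints one labelled line per finding; empty output means no indicator matched.
keranger_check() {
    find_general_rtf "$1" </dev/null | sed 's/^/file: /'
    match_kernel_service | sed 's/^/process: /'
    residue_files "$2" </dev/null | sed 's/^/residue: /'
}

# Live run on the local machine: sh keranger_check.sh --live
if [ "${1:-}" = "--live" ]; then
    ps -A -o comm= | keranger_check / "$HOME"
fi
```

A "file:" line only shows where a General.rtf exists; look at which application bundle contains it before acting on it as Step 1 describes.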

For a surefire way to protect your Mac, you can completely uninstall Transmission no matter when and where you downloaded the app.
