Over the weekend, news broke of a nasty new piece of malware targeting Mac users. It’s “ransomware” that encrypts users’ data, making it impossible to access unless they pay a bounty to the malware’s operator.
Malware is a persistent problem on Windows machines — it’s so devastating, it has even shut down hospital networks — but this is the first time ransomware has made its way onto OS X.
The offending malware came bundled with an update to Transmission, a well-known program for downloading torrents. Unsuspecting users installed the app — only to find themselves being extorted by hackers.
So what’s it like to be targeted by ransomware? YouTuber rogueamp installed the compromised version of Transmission to find out.
First off, it's worth noting that rogueamp ran the malware in a virtual machine, a kind of simulation of OS X. This means none of his data was at risk -- so don't try this yourself.
Straight away, Transmission tries to warn the user that the version is infected and that they should update right away. (rogueamp obviously ignores this.)
When the malware runs, it encrypts all the text and data files on the machine -- but the OS itself remains operational. You can still load apps; you just can't open any of your files.
Instructions are provided for getting the data back. Users have to pay a bitcoin ransom, and in return they are given a program that decrypts their data.
If you go to the web address provided, the site prompts you to log in by entering a bitcoin address. Each victim is given a different bitcoin address, so the attacker can track who has and hasn't paid.
Here's the website once you log in. Note the bitcoin balance at the top -- it can keep track of how much you've paid. You can also submit help requests so the attacker can provide technical assistance to guide you through the ransom process.
Ransomware is increasingly popular because of how successful it is. Attackers have an incentive to be as helpful as possible so users pay up -- hence the creation of sophisticated 'help desk' ticket systems. And victims can be reasonably sure that if they do pay up, they will get their data back -- because if they didn't, no one would ever pay. In short: Ransomware works.