The Washington PostDemocracy Dies in Darkness

This devastating type of malware has basically ignored Mac users. Until now.

(Damian Dovarganes/AP)

Apple has a reputation for building more secure operating systems than its rivals. But it looks like the company's products aren't totally immune to a devastating type of digital attack that basically takes computers hostage.

Over the weekend, researchers at Palo Alto Networks said that they had uncovered the "the first fully functional ransomware" for Apple's OS X platform.  

Ransomware is a type of malicious software. Once it infects a computer, it encrypts the files stored on the machine using a digital key the owner doesn't know — making the computer unusable. Then the malware pops up with a notification that asks victims to pay off the attackers in bitcoins or some other hard-to-track digital currency to get the key to unlock their data. It's almost like kidnapping, but for the digital life you store on your computer. And unfortunately, it's been on the rise in recent years — even hitting hospitals and police departments. But until now, ransomware had basically left Macs users alone.

After computer hack, L.A. hospital pays $17,000 in bitcoin ransom to get back medical records

The ransomware discovered and dubbed "KeRanger" by Palo Alto spread through a download of a popular open-source program called Transmission, which helps users share files online, according to a blog post Palo Alto published Sunday. Some users were infected after downloading the installer for version 2.90 of the software from the project's website when it was released Friday, the cybersecurity firm said.

The malware is programmed to lay low three days after being installed, but then start encrypting files on the computer, according to the blog post. That means those infected Friday may start to see their files become inaccessible on Monday.

Once all the files are encrypted, the malware will demand a ransom of 1 bitcoin — or roughly $400 — the blog post said.

The ransomware was able to avoid triggering some of Apple's security measures because it was signed with a valid Mac app development certificate — a bit of code meant to signal that a program is legitimate. "Apple has since revoked the abused certificate" and updated its XProtect antivirus program to block the malware, Palo Alto says, which Apple also confirmed to The Post.

Transmission's developers removed the offending version of the program from its website and issued a warning there. It also released an updated version of the software that actively attempts to remove the ransomware.

A member of the Transmission's development team told The Post that their best guess is that roughly 6,500 copies of the malicious software were downloaded, but they think Apple's quick action likely prevented many of them from actually infecting users.