KeRanger Ransomware

Posted: January 15, 2019

KeRanger Ransomware Description

The KeRanger Ransomware is a file-locking Trojan that targets OS X machines and encrypts media such as pictures, audio, video and documents. The threat uses both RSA and AES encryption to ensure that the locked information stays inaccessible, although current releases don't target the operating system's default backups. Have your anti-malware solution of preference remove the KeRanger Ransomware before restoring your files from any appropriate backup.

File-Sharing the Wrong Kinds of Files

A rare example of an OS X-targeting Trojan is becoming available for observation with the recent compromise of a torrenting client. The Transmission BitTorrent installer, an open-source project, was infected by unknown methods, leading to the dropping of a hibernating KeRanger Ransomware onto the victims' computers. Besides its hibernating state, which is unusually lengthy, the KeRanger Ransomware is what malware experts would consider a standard threat of its kind, boasting randomized encryption and cryptocurrency-oriented extortion.

The KeRanger Ransomware includes a (now revoked) digital certificate and a fake RTF file in its installation disguise, although its real format is a packed executable. Depending on the version of the program, it may or may not contact its Command & Control server in five-minute intervals while it hibernates for three days. Only after this period elapses will the KeRanger Ransomware conduct the encryption attack, which uses an RSA key and an additional layer of randomization with an AES algorithm.

The KeRanger Ransomware attacks many of the formats that malware experts already noted as being at risk from file-locker Trojans: DOCs, JPGs, MP3s, MP4s, AVIs, spreadsheets and slideshows, archives like ZIP or RAR and databases. The KeRanger Ransomware also blocks certificate (PEM) and e-mail (EML) files. Also, the 'Users' files are targets regardless of their extensions, and the results bear 'encrypted' extensions in their names.

Getting Out of the Range of New Mac Problems

The cyber-security community is developing appropriate definitions for counteracting the KeRanger Ransomware. OS X should warn the user about compromised versions of Transmission, and the site's admins have removed the Trojan-delivering variants of their installers. The users also are fortunate, in that the KeRanger Ransomware fails to take a usual precaution for its type of payload: wiping the OS's backups. Without any updates, your Time Machine backups should be available for restoring any encrypted media without any risks.

Users who are in doubt of the safety of their version of the torrenting application should search for the 'General.rtf' file that is the mislabeled executable for the KeRanger Ransomware. Other symptoms include the 'kernel_service' process and a TXT ransom message that asks for one Bitcoin for the decryptor. Most conventional, OS X-compatible anti-malware solutions should delete the KeRanger Ransomware, as well as the infected torrenting application, automatically.
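The indicators above can be checked by hand from a terminal. The following is an added example, not code from the original page or from any vendor: the function names are hypothetical, the directory to scan is supplied by the caller because the page gives no install paths, and the process check assumes `ps -axo pid=,comm=` style input.

```shell
#!/bin/sh
# Added triage sketch for the KeRanger indicators named in the text above.
# Function names are hypothetical; the caller supplies the directory to scan
# because the page does not give install paths.

# True when the file starts with the RTF signature "{\rtf" (7b 5c 72 74 66).
is_real_rtf() {
    sig=$(head -c 5 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$sig" = "7b5c727466" ]
}

# Print every file named General.rtf under $1 that is not actually RTF,
# i.e. a candidate for the mislabeled executable.
find_mislabeled_rtf() {
    find "$1" -type f -name 'General.rtf' 2>/dev/null |
    while IFS= read -r f; do
        is_real_rtf "$f" || printf '%s\n' "$f"
    done
}

# Print files under $1 carrying the 'encrypted' extension the Trojan leaves.
find_encrypted() {
    find "$1" -type f -name '*.encrypted' 2>/dev/null
}

# Read "PID COMMAND" lines (ps -axo pid=,comm=) on stdin and print the PIDs
# whose executable is named exactly kernel_service (not kernel_task).
match_kernel_service() {
    awk '{ pid = $1; $1 = ""; sub(/^ +/, "")
           n = split($0, p, "/")
           if (p[n] == "kernel_service") print pid }'
}

# Run all three checks against a directory and the live process list.
keranger_triage() {
    echo "Mislabeled General.rtf:"; find_mislabeled_rtf "$1"
    echo "Files with .encrypted extension:"; find_encrypted "$1"
    echo "kernel_service PIDs:"; ps -axo pid=,comm= | match_kernel_service
}
```

Call `keranger_triage` with the folder that holds the torrenting application or the user's files; a hit from any check is a reason to run a full anti-malware scan, not proof of infection on its own.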

Some of the KeRanger Ransomware's internal, unfinished functionality suggests to malware analysts a possibility of the Trojan's patching in a backdoor feature. As if it weren't threatening enough already, the future of the KeRanger Ransomware campaign could include giving remote attackers the keys to your computer, along with your files.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to KeRanger Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
