OSX.Keranger Detected on Mac OS X on March 5, 2016
Potential Risk Involved
Precautions for preventing ransomware attacks
- Users must keep their operating system and other recommended software up to date. This patches the vulnerabilities that could compromise the software, so that attackers cannot find flaws to get inside.
- Keep regular backups of the important files stored on your computer. If your computer gets infected with ransomware, those files can then be restored once the malware has been removed.
- Always keep your security software up to date to protect yourself against any new variants of malware.
- Do not open any suspicious mail or its attachments, and avoid clicking on untrusted websites or links.
How to detect OSX.Keranger on the Mac PC
It is strongly suggested that all Transmission BitTorrent app users check whether their Macs have been infected with the aforementioned ransomware. We strongly recommend following the steps below.
- Use the Finder or Terminal to determine whether any of the paths exist:
  - /Applications/Transmission.app/Contents/Resources/General.rtf
  - /Volumes/Transmission/Transmission.app/Contents/Resources/General.rtf
If you find any of the above mentioned paths, delete the Transmission application as soon as possible.
- Open the Activity Monitor utility and check if any process called “kernel_service” is running.
Double-check each process: click “Open Files and Ports” and make sure that you don’t see “/Users/<username>/Library/kernel_service”. That’s the main process of KeRanger, so if you have it running, choose “Quit > Force Quit”.
Check the “.kernel_pid”, “.kernel_time”, “.kernel_complete”, and “kernel_service” files in the ~/Library folder. If you locate any of these, delete them.
Note: If you are not familiar with the internal structure of these files, please do not attempt the manual instructions, as doing so could harm other files on the computer.
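The three checks above can also be run from Terminal as a read-only script. This is an added example, not code from the original page; the function names `keranger_scan` and `keranger_process` and their root/home parameters are assumptions for illustration, and the bundle file is taken to be named General.rtf.

```shell
#!/bin/sh
# Read-only check for the KeRanger indicators listed above; deletes nothing.
# Function names and the ROOT/HOME_DIR parameters are illustrative assumptions:
# they let the same check run against a mounted backup or a test directory.

# keranger_scan ROOT HOME_DIR -> one line per indicator; returns 1 if any found
keranger_scan() {
    root=${1%/}
    home=${2%/}
    found=0
    # Extra file present in the infected Transmission bundles.
    for p in \
        /Applications/Transmission.app/Contents/Resources/General.rtf \
        /Volumes/Transmission/Transmission.app/Contents/Resources/General.rtf
    do
        if [ -e "$root$p" ]; then
            echo "FOUND bundle file: $root$p"
            found=1
        fi
    done
    # State files and the main executable dropped into ~/Library.
    for f in .kernel_pid .kernel_time .kernel_complete kernel_service; do
        if [ -e "$home/Library/$f" ]; then
            echo "FOUND library file: $home/Library/$f"
            found=1
        fi
    done
    return "$found"
}

# keranger_process -> returns 1 if a process named exactly kernel_service runs
keranger_process() {
    if pids=$(pgrep -x kernel_service 2>/dev/null); then
        echo "FOUND running process kernel_service: pid" $pids
        return 1
    fi
    return 0
}

# Live system: empty ROOT means "/", HOME_DIR is the current user's home.
keranger_scan "" "${HOME:-}" || echo "Indicators on disk: follow the removal steps above."
keranger_process || echo "Quit kernel_service from Activity Monitor as described above."
```

A non-zero return from either function means at least one indicator matched; the script only reports and leaves removal to the manual steps.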