Mac users were hit with the first ransomware attack on OS X over the weekend. Researchers at Palo Alto Networks, an enterprise network and security firm, said malware-infected files were part of the installer for version 2.90 of the BitTorrent client Transmission for OS X.
Ransomware is a form of malware that encrypts files on a hard drive or prevents users from accessing their device. After the malware is installed, the attacker offers to send a decryption key to unlock the device in exchange for payment. The Transmission ransomware, named KeRanger, is the first fully functional ransomware found in the wild for OS X, according to Palo Alto Networks.
After being installed, the researchers said, the ransomware would wait three days before encrypting files. After completing the encryption, KeRanger would request the equivalent of $400 in Bitcoin to unlock the files.
Transmission is open-source software, and volunteers at the project released an update to Transmission that removed the infected file on March 6.
The malware was able to bypass Apple's Gatekeeper security monitor, the researchers said, noting that Apple has updated Gatekeeper to block the installers and prevent future attacks.