Premium Member · 9,103 Posts · Discussion Starter · #1
The latest ransomware attack is making the news worldwide
Another big malware attack ripples across the world - Jun. 27, 2017

Is that a concern for Mac users?

What is the best way to protect against that?
Open no email attachments at all? Even ones from people you know?
That might be hard.
Backups - OK, but I don't do a back up every day.
Anything more specific?
I don't seem to be able to get much information how the hackers actually get access to the computer to lock up all files.

Any words of wisdom would be appreciated.
 

Premium Member · 15,685 Posts
Yes, Macs can be affected and it may be best to just do some checking and searching on the 'net for advice. But quite unlikely for just an individual.

PS: The commercial security sites are not the best for accurate information. Even for Mac users.

Bottom line, have and keep several overlapping complete backups or bootable clones which a user should have already if they have any data that needs to be preserved.

Try a search on your subject:
Ransomware 27 June 2017 - Is it a concern Mac
https://www.google.ca/search?client...&oe=UTF-8&gfe_rd=cr&ei=dGVUWYPXI-fe8AfWpa6ICA


PS: I'm a bit surprised that there were no other posts, but then again, it's not a stupid political question or statement that this place seems to be heading up. :( :eek:
 

Premium Member · 9,103 Posts · Discussion Starter · #3
I haven't opened and read every link that google brought up but the only one specific to the Mac that I saw was the ransomware via the Transmission application about a year ago.
The current ransomware that has been making the news in the last weeks or so uses a vulnerability of a not quite up-to-date version of Windows.

Are there any known vulnerabilities of either Mac OS 10.6.8 or 10.11.5?

PS: I was surprised as well that nobody commented sooner - have all the Mac fans moved to a different forum?
 

Premium Member · 17,780 Posts
The current exploit does seem to be Windozed based.

MS seems to deliberately embed vulnerabilities to allow the various three letter acronyms an easy back door. Then spends the rest of the life of the system trying to patch the holes after they become common knowledge.

Does not help when NSA or HSA types leak the hacking tools!

As always a good rotating data back up method is a must. Personally I do not like the continually expanding sparse image variety as what do you do if your lone back up is also corrupt? I even go old school and maintain my data on a secondary partition. That way the OS gets a back-up clone (or disk image) as needed and most data can be backed up with a simple drag and drop.

I do monthly data back-ups to a secondary HD, and use thumb drives to keep any ongoing projects safely backed on a daily basis.
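The rotating backup scheme described in this post, with the worry about a lone backup also being corrupt, can be automated so that a snapshot is only rotated in after checking how much changed since the previous one. The following is an added example, not code from the forum or from any product discussed here: it copies a source folder into timestamped snapshots, stores a SHA-256 manifest with each, and refuses to take (and therefore refuses to age out) a snapshot when more than a chosen fraction of previously backed-up files changed at once, which is what a mass encryption looks like. The folder layout, the retention count and the 50% threshold are assumptions chosen for the example.

```python
import hashlib
import json
import shutil
import tempfile
import time
from pathlib import Path

# Assumed layout (constructed for this example): each snapshot lives under
# <backup_root>/<YYYYmmdd-HHMMSS>/data with a manifest.json of path -> sha256.
KEEP = 5                # snapshots to retain (assumption)
CHANGE_THRESHOLD = 0.5  # refuse a snapshot if more than 50% of known files changed (assumption)


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(src: Path) -> dict:
    """Map every file under src (relative path) to its SHA-256 digest."""
    return {str(p.relative_to(src)): sha256_of(p)
            for p in sorted(src.rglob("*")) if p.is_file()}


def latest_snapshot(root: Path):
    dirs = sorted(d for d in root.iterdir() if d.is_dir()) if root.exists() else []
    return dirs[-1] if dirs else None


def changed_fraction(old: dict, new: dict) -> float:
    """Fraction of files in the previous manifest that are now altered or missing."""
    if not old:
        return 0.0
    changed = sum(1 for k, v in old.items() if new.get(k) != v)
    return changed / len(old)


def snapshot(src, root, keep=KEEP, threshold=CHANGE_THRESHOLD, stamp=None) -> dict:
    """Take one snapshot unless the change since the last one looks like mass tampering."""
    src, root = Path(src), Path(root)
    new_manifest = build_manifest(src)
    prev = latest_snapshot(root)
    old_manifest = json.loads((prev / "manifest.json").read_text()) if prev else {}
    frac = changed_fraction(old_manifest, new_manifest)
    if frac > threshold:
        # Do not rotate a known-good snapshot away behind a suspicious mass change.
        return {"ok": False, "changed_fraction": frac, "snapshot": None}
    dest = root / (stamp or time.strftime("%Y%m%d-%H%M%S"))
    shutil.copytree(src, dest / "data")
    (dest / "manifest.json").write_text(json.dumps(new_manifest, indent=1))
    # Prune the oldest snapshots beyond the retention count.
    dirs = sorted(d for d in root.iterdir() if d.is_dir())
    for old in dirs[:-keep]:
        shutil.rmtree(old)
    return {"ok": True, "changed_fraction": frac, "snapshot": str(dest)}


def demo():
    """Constructed walk-through: ordinary edits rotate, a rewrite of every file is refused."""
    with tempfile.TemporaryDirectory() as tmp:
        src, root = Path(tmp) / "docs", Path(tmp) / "backups"
        src.mkdir()
        for i in range(4):
            (src / f"note{i}.txt").write_text(f"note {i}\n")
        results = [snapshot(src, root, keep=2, stamp="20170627-000001")]
        (src / "note0.txt").write_text("edited\n")
        results.append(snapshot(src, root, keep=2, stamp="20170627-000002"))
        (src / "note1.txt").write_text("edited too\n")
        results.append(snapshot(src, root, keep=2, stamp="20170627-000003"))
        for p in src.glob("*.txt"):   # simulate every file being rewritten at once
            p.write_text("garbage\n")
        results.append(snapshot(src, root, keep=2, stamp="20170627-000004"))
        remaining = sorted(d.name for d in root.iterdir())
    return results, remaining


if __name__ == "__main__":
    for r in demo()[0]:
        print(r)
```

The manifest comparison is what distinguishes this from a plain copy: a backup job that blindly rotates will happily replace the last good snapshot with an encrypted one, whereas this one stops and leaves the previous snapshots untouched so the operator can look first.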
 

Premium Member · 17,976 Posts
I've been having a helluva time getting anyone to take this seriously in our department. The tech just doesn't see it as a "real" threat, despite the very obvious fact that our network (both our dept. and the university network in general) is managed by two blind chipmunks. I would have thought that the attack at the University of Calgary would have been enough to push people to action, but...

That said, if you're relatively clued-in about the dangers of phishing, surf safely, and don't do silly things like give your admin password to any old app that wants to install something on your computer, then you're pretty safe. As pm-r noted above, the easiest path to prevention is in a decent backup scheme that you actually abide by.
 

Premium Member · 15,685 Posts
An interesting link when I get this screen shot shown below:
(Man, it's almost impossible to do anything even close to WYSIWYG with this forum site. :-( )



But regardless, that article is old, "By John Leyden 7 Mar 2017 at 14:00" and those older variants got killed off.

And also the UK and its servers seem to have been the hardest hit, but one must always be cautious as the *&%$#%$ hackers seem to get some of their jollies from infecting what they can and getting away with it.
 

Premium Member · 15,685 Posts


Until some user's "cleanup app" deletes the empty folder.
The simple antidote to the Petya ransomware, which stops computers from being able to launch and demands a $300 (£234) payment, uses an empty folder to block the virus from working. [end quote]


Now the question is, I guess, where does one obtain a trusted version of the antidote to the Petya ransomware???

I didn't find much here:
antidote for Petya ransomware
https://www.google.ca/search?client...&oe=UTF-8&gfe_rd=cr&ei=CYtWWYbxFere8Af7oYHwDw

Anyone know of a trusted free source??


EDIT:

PS: The empty folder block seems to just be a temp fix and is for Windows OS users only. Not much mention about Macs or OS X.
How To Remove Petya Ransomware - A Simple Guide If You Have Malware
 

Premium Member · 15,685 Posts
An interesting comment about OS X being exempt from attack. so far anyway:


Splork gotta • 2 days ago

Odd that the attack vector uses a MS protocol, don't you think? Even more odd is that there has not been a single ransomware attack that has infected literally thousands of Macs or Linux machines. Also, there are way many more Linux based devices on the Internet than Windows. And Mac users generally have a lot more money than Windows folks who complain that Macs are "too expensive," so these folks represent a more lucrative target.


Apple's iPhone turns 10: Here's how the device impacted business, work | ZDNet
 

Premium Member · 9,103 Posts · Discussion Starter · #11
An interesting comment about OS X being exempt from attack. so far anyway:


Splork gotta • 2 days ago

Odd that the attack vector uses a MS protocol, don't you think? Even more odd is that there has not been a single ransomware attack that has infected literally thousands of Macs.........


Hmmm....the ransomware attack that was downloaded with the Transmission app directly from the developers site doesn't count?
 

Registered · 807 Posts
An interesting comment about OS X being exempt from attack. so far anyway:


Splork gotta • 2 days ago

Odd that the attack vector uses a MS protocol, don't you think? Even more odd is that there has not been a single ransomware attack that has infected literally thousands of Macs or Linux machines. Also, there are way many more Linux based devices on the Internet than Windows. And Mac users generally have a lot more money than Windows folks who complain that Macs are "too expensive," so these folks represent a more lucrative target.


Apple's iPhone turns 10: Here's how the device impacted business, work | ZDNet

Well, two weeks ago a South Korean web hosting company paid $1mil of bitcoin to get their Linux servers back... they ported a version of "Erebus" from Windows to work on Linux, and brought these guys down.

Now... I read another article last week (which I can't find; it has way more details than what I am about to post), but reports are the kernel on these boxes was compiled in like 2008 and they were running ancient flavours of Apache and PHP on it.. so there were holes all over the place.... but still they crippled Linux via ransomware.

https://arstechnica.com/security/2017/06/web-host-agrees-to-pay-1m-after-its-hit-by-linux-targeting-ransomware/

BReligion
 

Premium Member · 15,685 Posts
they ported a version of "Erebus" from Windows to work on Linux, and brought these guys down.

Interesting and I'm sure there are lots of exceptions to the more or less casual comment mentioned above out there in the Internet world.


Hmmm....the ransomware attack that was downloaded with the Transmission app directly from the developers site doesn't count?
Somehow, I would suspect that they would be using something well beyond what Transmission can do. The name of the can-be-nasty P2P protocol escapes me at the moment, but I would suspect similar software would be used, but I sure don't know.
 

Premium Member · 9,103 Posts · Discussion Starter · #14
Somehow, I would suspect that they would be using something well beyond what Transmission can do. The name of the can-be-nasty P2P protocol escapes me at the moment, but I would suspect similar software would be used, but I sure don't know.
I'm not sure what you are trying to say.

Embedding the ransomware malware within an update of Transmission I thought was pretty smart - especially since it was in the Transmission download from the developer's site.
That would bypass pretty much all the standard Mac defences.
 

Premium Member · 15,685 Posts
especially since it was in the Transmission download from the developer's site.

I'm not sure where you read or found that info.


That would bypass pretty much all the standard Mac defences.

I don't think so, as sitting in some download folder isn't the same thing as opening the file and/or installing it. Even then it would have to overcome the Mac's SIP and Gatekeeper protection. And it's pretty doubtful it could get past that, at least not without some admin user's intervention.




- Patrick
======
 

Premium Member · 9,103 Posts · Discussion Starter · #16
I remember the "Transmission issue" vaguely but I came across the details again when I was doing a google search for ransomware on the Mac.

The ransomware was in Transmission 2.90 that people downloaded from Transmissionbt.com. That download had an official Apple digital certificate.

So if I had used Transmission - downloaded the updated software from the Transmission website, I would have happily provided my admin user name and password and installed it - no reason not to - everything was legit, or at least it seemed to be.
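The Transmission case discussed above is the situation where a download from the developer's own site carried a valid signature, so Gatekeeper had no reason to object. A separate check that does not depend on the signature is comparing the file's SHA-256 digest with the one the project publishes out of band (release notes, a mailing list, a signed checksum file). The following is an added example, not code from the forum, from Apple or from the Transmission project: it wraps Apple's `codesign` and `spctl` assessments where those tools exist and otherwise falls back to the digest comparison alone. The file names and digest in the demo are constructed.

```python
import hashlib
import hmac
import shutil
import subprocess
import tempfile
from pathlib import Path


def sha256_file(path) -> str:
    h = hashlib.sha256()
    with Path(path).open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def digest_matches(path, published_hex: str) -> bool:
    """Constant-time comparison of the file digest against the digest published out of band."""
    return hmac.compare_digest(sha256_file(path), published_hex.strip().lower())


def signature_checks(app_path):
    """Run Apple's codesign and Gatekeeper assessment; returns None where the tools are absent (non-macOS)."""
    if not (shutil.which("codesign") and shutil.which("spctl")):
        return None
    cs = subprocess.run(["codesign", "--verify", "--deep", "--strict", str(app_path)],
                        capture_output=True)
    sp = subprocess.run(["spctl", "--assess", "--type", "execute", str(app_path)],
                        capture_output=True)
    return {"codesign_ok": cs.returncode == 0, "gatekeeper_ok": sp.returncode == 0}


def ok_to_install(app_path, published_hex: str) -> bool:
    """Both checks must pass: a valid signature alone does not prove the file is the one published."""
    sig = signature_checks(app_path)
    if sig is not None and not (sig["codesign_ok"] and sig["gatekeeper_ok"]):
        return False
    return digest_matches(app_path, published_hex)


def demo():
    """Constructed walk-through: the genuine download passes the digest check, a modified copy fails."""
    with tempfile.TemporaryDirectory() as tmp:
        genuine = Path(tmp) / "Example-2.90.dmg"       # constructed file name
        genuine.write_bytes(b"constructed installer bytes\n" * 64)
        # Stands in for the digest the project published alongside the release.
        published = sha256_file(genuine)
        tampered = Path(tmp) / "Example-2.90-modified.dmg"
        tampered.write_bytes(genuine.read_bytes() + b"\x00")  # one extra byte appended
        return digest_matches(genuine, published), digest_matches(tampered, published)


if __name__ == "__main__":
    print(demo())
```

On a Mac both `codesign --verify --deep --strict` and `spctl --assess --type execute` return zero only for a bundle whose signature and notarisation status Gatekeeper accepts; the digest comparison is the part that would still have flagged a substituted installer with a different but valid signature.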
 