Palo Alto Networks has uncovered ransomware attacks aimed at Mac OS X users, believed to be the first complete such threat to Mac machines.
The 'KeRanger' attacks are low-budget so far. The attackers ask for one bitcoin to unlock the machine, around $400, but the financial demands could rise in time.
Palo Alto explained more about the threat in a blog post, noting that the malware comes from the Transmission BitTorrent.
"On March 4 we detected that the Transmission BitTorrent ailient installer for OS X was infected with ransomware just a few hours after installers were initially posted. We have named this ransomware KeRanger," the firm said.
"The only previous ransomware for OS X we are aware of is FileCoder, discovered by Kaspersky Lab in 2014. As FileCoder was incomplete at the time of its discovery, we believe KeRanger is the first fully functional ransomware seen on the OS X platform."
Victims are infected via a torrent site called Transmission. Palo Alto said that this is an open source project, and that the website was compromised by third parties with bad intentions.
Ransomware attacks are becomingly increasingly common. The industry advice is not to pay up as it rarely removes the malware and can lead to further demands, although some organisations, including police forces, have been known to pay up.
Palo Alto has informed Apple and the Transmission people about the problem, and modified its own offerings to filter out dodgy URLs before they get to customers.
"Palo Alto reported the ransomware issue to the Transmission Project and to Apple on March 4. Apple has since revoked the abused certificate and updated XProtect antivirus signature, and Transmission Project has removed the malicious installers from its website. Palo Alto has also updated URL filtering and threat prevention to stop KeRanger affecting systems," wrote the firm.
To hear more about security challenges, the threats they pose and how to combat them, sign up for V3 sister site Computing's Enterprise Security and Risk Management conference, taking place on 24 November.
Insecticides based on sulfoxaflor might be as bad for bees as neonicotinoids
Intel teases forthcoming new graphics card accompanied by the text "We will set our graphics free"
Think your password manager is completely secure? Think again...
ARM plans 7nm 'Deimos' for 2019 and 5nm and 7nm 'Hercules' for 2020