This is what it's like to be infected with the first 'ransomware' virus for Macs
First off, it's worth noting that rogueamp ran the malware in a virtual machine, a kind of simulation of OS X. This means none of his data was at risk — so don't try this yourself.
rogueamp starts by booting up Transmission as normal.
Straight away, Transmission tries to warn the user that the version is infected, and they should update right away. (rogueamp obviously ignores this.)
The malware waits three days to take effect.
When it does, it encrypts all the text and data files on the machine — but the OS itself remains operational. You can still load apps, you just can't open any of your files.
Instructions are provided for getting the data back. Users have to pay a bitcoin ransom, and in return they are given a program that decrypts their data.
If you go to the web address provided, it prompts you to enter the bitcoin address it asks for to log in. Each victim is given a different bitcoin address, so the attacker can track who has and hasn't paid.
Here's the website once you log in. Note the bitcoin balance at the top — it can keep track of how much you've paid. You can also submit help requests so the attacker can provided technical assistance to guide you through the ransom process.
If you've already been infected, there's no known way to get your data back without paying the ransom. But if you're just worried, then the most recent updates for OS X should protect you.
The reason ransomware is increasingly popular is because of how successful it is. Attackers have an incentive to be as helpful as possible so users pay up — hence the creation of sophisticated "help desk" ticket systems. And victims can be reasonably sure that if they do pay up, they'll get their data back — because if they didn't, no-one would ever pay. In short: Ransomware works.
Here's rogueamp's full video:
http://www.youtube.com/embed/Qd_c-ZFcUSs
Width: 560px
Height: 315px
Popular Right Now
Advertisement