Apple is widely known for making some of the safest and most efficient devices. The company boasts that its systems are not susceptible to cyber-attacks or vulnerabilities, being equipped with sufficient defenses against malicious code and injections.
Popular with celebrities and other famous people, Apple devices are known to be secure, sleek, and smart! However, 2020 dealt a blow to Apple’s reputation, with Jeff Bezos’s iPhone X becoming vulnerable to malware attacks.
Even with cyber-criminals constantly trying to infiltrate its security, Apple has still managed to keep that security intact. Still, in case malware infects your Mac, there are some measures you can take to try and wiggle your way out of it. Before we proceed with that, one key question is as follows:
How serious of a threat are Apple malware infections?
There is a widespread belief that Macs, and Apple devices in general, are relatively secure from ransomware and other cyber infections. However, reality runs contrary to this notion. The belief persists primarily because most cyber-criminals tend to target Windows PCs, and because the Mac’s excellent user interface leads people to consider it safe.
Additionally, notorious malware such as WannaCry and NotPetya doesn’t work on Mac, as it was designed solely to exploit Windows security flaws. Beyond this, Apple has made sure to build a highly effective defense system into macOS. Therefore, Mac security is not something to take lightly. But it’s still not something to rely on alone, and having protective software is essential.
How possible is it to recover Mac from ransomware?
If your Mac is infected with ransomware, panicking definitely won’t get you anywhere, especially since data removal and data recovery options are quite feasible.
Admittedly, some ransomware makes extracting the original files from the encryption somewhat difficult without buying the key from the attackers. At times, however, extracting these files is a lot easier.
Though file recovery is indeed an option on Mac, it is quite risky, primarily because multiple levels of cryptography are involved, which makes removing the malware a task in itself.
To save your Mac in case of malware, it is crucial to identify the malware first so that you can apply the correct troubleshooting methods.
Common Mac malware and how to get rid of them
Although Apple does sport a sufficiently “clean” reputation, it has faced its fair share of malware infections. Apple has successfully patched all the security vulnerabilities so this ransomware won’t attack again, but there is a possibility of similar attacks occurring. Here are some of the common malware that have infected Apple devices in the past.
Initially targeting gullible Windows users, this website-based ransomware leeches money from its victims. It works by directing users to an alleged law enforcement website and locking the page down. The page only unlocks once the victim pays a somewhat hefty fine.
This attack surfaced on Macs in July 2013, targeting the Mac’s Safari browser. The victim was locked to a fake FBI page and forced to pay a fine of $300 to unlock it. Quitting the page is not an option either, as the ransomware reloads it each time someone tries.
The only way around it, apart from paying the fine, is to right-click the Safari Dock icon and force quit it using Alt and the “force quit menu” option. Once this is done, start Safari again while holding down the Shift key, which stops it from loading the last page. Having gotten out of the annoying ransomware reboot loop, clear the browser history and cache to start clean.
Hidden inside an authorized Transmission BitTorrent client update, KeRanger encrypts files, leaving behind a “README_FOR_DECRYPT.txt” file in the directory. The ransom demand is one Bitcoin.
Although decrypting the files may seem quite impossible, as per Palo Alto’s suggestions you can clean up your Mac in the following ways:
1. Check to see if the Transmission app is infected using the Terminal or Finder. If it is infected, it is better to delete the app. You can do this in the following way:
“Go to Applications > Transmission.app > Contents > Resources > General.rtf”
If not that:
“Go to Volumes > Transmission > Transmission.app > Contents > Resources > General.rtf”
2. Use the “Activity Monitor” app in OS X to see whether any process named “kernel_service” is running. If one is, double-check the process: check Open Files and Ports for a file named “/Users//Library/kernel_service.”
The presence of such a file means KeRanger’s primary process is present. To get rid of it, terminate it using Quit > Force Quit.
3. As a confirmation check, look for files named kernel_pid, .kernel_time, .kernel_complete or kernel_service in the ~/Library directory. If they exist, delete them.
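The three checks above can be run from the Terminal as one read-only script. This is an added example, not code from the original article or from Palo Alto. It assumes that a General.rtf at either bundle path marks an infected copy, it tries each ~/Library name with and without a leading dot, and the function names and the ROOT and HOME_DIR arguments are hypothetical.

```shell
#!/bin/sh
# Added example: read-only check for the KeRanger artifacts named in steps 1-3.
# keranger_scan ROOT HOME_DIR
#   ROOT     hypothetical prefix for the bundle paths ("" = live system)
#   HOME_DIR home directory whose Library folder is inspected
keranger_scan() (
    root="$1"; home="$2"; hits=0
    # Step 1: General.rtf inside the Transmission bundle (installed or mounted image).
    for p in \
        "/Applications/Transmission.app/Contents/Resources/General.rtf" \
        "/Volumes/Transmission/Transmission.app/Contents/Resources/General.rtf"
    do
        if [ -e "${root}${p}" ]; then
            echo "FOUND bundle-file ${root}${p}"
            hits=$((hits + 1))
        fi
    done
    # Step 3: names as listed on the page; each is tried with and without a
    # leading dot (assumption: hidden and visible variants are equally suspect).
    for name in kernel_pid .kernel_time .kernel_complete kernel_service; do
        base="${name#.}"
        for p in "${home}/Library/${base}" "${home}/Library/.${base}"; do
            if [ -e "$p" ]; then
                echo "FOUND library-file $p"
                hits=$((hits + 1))
            fi
        done
    done
    echo "TOTAL $hits"
)

# Step 2: report whether a process named exactly kernel_service is running.
keranger_process() {
    if ! command -v pgrep >/dev/null 2>&1; then
        echo "SKIPPED process check (pgrep not available)"
    elif pgrep -x kernel_service >/dev/null 2>&1; then
        echo "FOUND process kernel_service"
    else
        echo "CLEAN no kernel_service process"
    fi
}

# Scan the live system for the current user; nothing is deleted or killed.
keranger_scan "" "${HOME:-}"
keranger_process
```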
3. FileCoder
Targeting OS X/macOS specifically, FileCoder is not much of a threat, as it is still unfinished and does not encrypt user data. However, once it has infected a machine, it annoyingly displays an app window demanding a €30 ransom, which is discounted if paid by credit card instead of Western Union or PayPal.
As this ransomware is still unfinished and more of an annoyance than a threat, getting rid of it is not an issue. That said, concrete methods of getting rid of it are still somewhat unknown. The best way around it is to delete the most recently downloaded file, which may be the probable cause.
How to get rid of the malware?
Although there have not yet been massive malware outbreaks on Apple hardware, it is still best to be prepared for the worst. Relying solely on Apple’s protection is not a smart move. Other protective measures need to be in place.
In case you ever get infected by malware or ransomware on an Apple device, here are possible safety measures to use:
1. Stay calm and try to clean up
Panicking is not the best solution to any infection. It makes things messier and more complicated. Instead, calm down and try to identify the type of malware infection. As mentioned above, once you have identified the type of malware, finding a way around it gets easier.
Once you are aware of the infection, try to install a malware cleaning application. In addition, search online for ways to decrypt your files. As most ransomware infections on Mac have been identified, ways to decrypt files for free are also available online.
2. Paying is not an option
Contrary to what you may believe, paying up is not the way to get rid of the malware. At times, even if you pay, the criminals don’t hand over the decryption key, and you are left with encrypted files and short of money. Therefore, it is better not to fall for the scam and pay.
3. Remove external backups
If you are smart enough to back up your data on external drives, it is better to remove them immediately, primarily because some malware, like KeRanger, tries to encrypt backed-up files too. Take immediate action and remove any external, removable hard disks to protect your backup from infection.
4. Install a malware cleaner
Once you know how to decrypt your files, install a malware cleaner from an authentic source. Malware cleaners are software that works in the background of the device. They search for the source files that caused the malware infection and get rid of them. This will help you completely eradicate the problem.
Stay safe from malware
Although malware attacks are sneaky and creep up on you unexpectedly, it is still possible to stay safe. All you need to do is be vigilant and take some precautionary steps. Additionally, getting rid of malware might seem hectic, but it ultimately comes down to nothing more than smart thinking and vigilance. So once online, stay aware and stay safe.