Macs might be among the safest personal computers out there, but even they are not immune to malware, as the recent ransomware scandal demonstrates.
However, it should be pointed out that only a fraction of Apple's computers were infected. Luckily for those who did suffer the malware issue, we have a few tips to get your system back safe and sound.
First off, if your BitTorrent client is not Transmission, you are safe.
That is because the Transmission 2.9 BitTorrent client was compromised by coders who added malware to it. The "KeRanger" code inserted by hackers lets the software encrypt every file on your Mac three days after you complete the Transmission 2.9 install. Subsequently, they are kind enough to decrypt your files for about $400 (1 bitcoin).
Just as a reminder, Transmission is a BitTorrent client that works on multiple operating systems, including OS X.
Apple's reaction
Apple wasted no time and reacted promptly.
As soon as word got out of the malware, a security certificate that Apple provided was removed. The Transmission team quickly released a new version of its software, sans the malevolent lines of code. It remains to be seen how the code gained certification in the first place.
To make sure that its customers are warned (if not protected), Transmission delivers them a notification when they try to open up the infected app.
Should you receive the message "Transmission can't be opened. You should eject the disk image" or "Transmission.app will damage your computer. You should move it to the Trash," make sure you follow through with the steps below.
The Solution
You should know that the infected files were downloaded after 7 p.m. on Friday, March 4 and before 2 a.m. on Sunday, March 6. If you suspect that you caught the bug, Palo Alto Networks explains the appropriate course of action.
1. Use Spotlight or Terminal and check whether either of these two files is on your computer:
/Volumes/Transmission/Transmission.app/Contents/Resources/General.rtf
/Applications/Transmission.app/Contents/Resources/General.rtf
2. If you found either file, congratulations! You are using an infected version of Transmission, which means that after you closely follow the upcoming steps, you must delete the app.
3. Open up Activity Monitor and look for a process dubbed "kernel_service."
4. If you find kernel_service running, double-click it so you see more detailed information about it. Find the "Open Files and Ports" pane on the right and open it.
5. After opening "Open Files and Ports," look for a file name that looks like this: "/Users/<username>/Library/kernel_service."
If you found it, congratulations again! You've stumbled upon KeRanger's main process.
6. Kill the process by clicking Quit, then choosing Force Quit.
7. Open up Spotlight and search for the following files inside your ~/Library directory:
.kernel_complete
.kernel_pid
.kernel_service
.kernel_time
Should you find any of them, delete them permanently.
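The file and process checks from steps 1 to 7 can also be run from Terminal. The script below is an added example, not code from Palo Alto Networks or from this article; the function names and the root and home-directory parameters are assumptions of the example, and it only reports what it finds.

```shell
#!/bin/sh
# Added example: report-only check for the KeRanger indicators listed above.
# root and home_dir are parameters assumed by this example so the same scan
# can be pointed at a mounted backup or a test tree; nothing is deleted.

keranger_scan() {
    root="${1:-}"              # path prefix, empty for the live system
    home_dir="${2:-$HOME}"     # home directory whose Library is checked
    found=0

    # Steps 1-2: General.rtf inside the app bundle marks an infected build.
    for f in \
        "$root/Volumes/Transmission/Transmission.app/Contents/Resources/General.rtf" \
        "$root/Applications/Transmission.app/Contents/Resources/General.rtf"
    do
        if [ -e "$f" ]; then
            echo "infected Transmission bundle: $f"
            found=$((found + 1))
        fi
    done

    # Steps 5 and 7: the dropped binary and its state files in ~/Library.
    for name in kernel_service .kernel_complete .kernel_pid .kernel_service .kernel_time
    do
        if [ -e "$home_dir/Library/$name" ]; then
            echo "KeRanger file: $home_dir/Library/$name"
            found=$((found + 1))
        fi
    done

    KERANGER_HITS=$found       # exposed so callers can read the count
    [ "$found" -eq 0 ]         # exit status 0 means no indicator was found
}

# Steps 3-4: list PIDs of a running process named exactly kernel_service.
keranger_process() {
    command -v pgrep >/dev/null 2>&1 || return 0
    pgrep -x kernel_service || true
}

# Usage on the live system: keranger_scan "" "$HOME"; keranger_process
```

A non-zero exit status from keranger_scan means at least one indicator exists, so the process in steps 3 to 6 should be dealt with before the files are deleted.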
Now that your system is clean of the malware, it would be wise to get rid of the infected variant of the app. You can do it yourself by following these instructions, which require advanced proficiency. Or you could simply use an app such as AppCleaner that gets the job done for you.