You may have heard of WannaCry, the ransomware that crippled NHS computers (the public health service in the United Kingdom) in May 2017, or of the Petya ransomware attack that took place in late June 2017.
Usually it is Windows computers that are affected by malicious software. Still, you may have doubts: can my Mac be at risk? Should I do something to protect my computer?
In this article we gather everything you need to know, along with tips to follow to improve security on your Mac. You can also read our article explaining how to remove a virus from a Mac for free.
And if you want to know which antivirus is best to install on your Apple computer, we recommend reading our guide to the best antivirus for Mac in 2019.
What is ransomware?
Before examining the different cases of ransomware on Mac computers, we'll explain what ransomware actually is.
It is a kind of malware attack in which your files are encrypted against your will and a ransom demand tells you to pay a fee if you want the files decrypted.
As mentioned before, ransomware is a frustration for Windows users, with WannaCry and Petya the well-known examples on that platform, but is it something to worry about when using a Mac?
If you run Windows on a Mac, you obviously have to be as careful as you would be when running Windows on a PC. If you're using macOS, it's natural to assume that Apple has a series of built-in security mechanisms that should protect you.
Unfortunately, Macs are also affected by ransomware attacks, although such attacks are not as common as they are on Windows computers.
Can Macs get ransomware?
Can Macs be infected with ransomware? Have there ever been cases where Mac computers were infected by ransomware?
Yes, there have been instances where Mac computers were infected by ransomware, but none of them caused major outbreaks and few or no Macs were affected.
However, the cases presented below make for interesting reading, because they show how ransomware may develop in the future.
1. FBI scam (July 2013)
For more than a decade, ransomware web pages have attempted to extort Windows users by locking the web browser to a website that alleges the law has been broken. However, this was always easy to fix.
But in July 2013, security researchers discovered a similar scam aimed directly at the Mac's Safari browser. The user was locked onto a fake FBI page by a dialog box that did not allow them to leave the site, and which demanded a $300 fine to unlock the system.
Simply quitting the browser was no way out. When a user quit Safari, the ransomware page would automatically reload the next time Safari launched.
Since then, Apple has reworked Safari on Mac and iPhone/iPad to make it harder for ransomware to lock the browser as described. However, you can still find less harmful examples.
How to clean up the FBI scam and its variants
You can force Safari to quit by right-clicking its Dock icon, holding down the Alt key and selecting the 'Force Quit' menu option.
Then start Safari while holding down the Shift key. This prevents Safari from loading the last page you had open, which stops the ransomware page from annoyingly reloading.
2. FileCoder (June 2014)
Security researchers found and identified FileCoder through the VirusTotal malware-scanning website, although by that time FileCoder was already old, as it had previously been detected by a scanner.
Targeted specifically at OS X/macOS, FileCoder is unfinished and poses no threat, since it does not encrypt the user's data. It shows an application window that demands a €30 ransom (this is reduced to €20 if you use a credit card instead of PayPal or Western Union).
The source of FileCoder is still unknown, as is how it was intended to be distributed.
How to clean FileCoder
Because FileCoder was only found once, we have no information on how it works and, therefore, on how to clean it. However, for the same reason, it should not be considered an effective threat.
3. Gopher (September 2015) and Mabouia (November 2015)
Two security researchers, working independently, created Gopher and Mabouia, two examples of ransomware aimed directly at Macs.
However, both are proof-of-concept demonstrations, intended to show that ransomware for the Mac is entirely possible.
Apart from copies shared with other security researchers to learn from, neither has left the researchers' computers, so they cannot spread.
How to clean Gopher or Mabouia
Because both are proofs of concept and have never spread, it is impossible to say how a ransomware infection created by Gopher or Mabouia could be repaired.
4. KeRanger (March 2016)
Security researchers found and identified the KeRanger ransomware in an official update of the Transmission BitTorrent client.
This was the first real example of ransomware on the Mac; in this case the ransomware's creators made a clear attempt to create a real threat.
KeRanger was signed with an authorized security certificate, so it was not blocked by the macOS Gatekeeper security system, for example. KeRanger encrypts files and leaves a file named 'README_FOR_DECRYPT.txt' in the directory, in which the ransom demand is made (payable in Bitcoin; approximately 1,338.62 euros).
How to clean KeRanger
We understand that the files cannot be decrypted. In any case, if you're worried that the KeRanger ransomware may have infected your Mac, the security researchers who found it, at Palo Alto Networks, suggest cleaning it as follows:
- Using Terminal or Finder, check whether '/Applications/Transmission.app/Contents/Resources/General.rtf' or '/Volumes/Transmission/Transmission.app/Contents/Resources/General.rtf' exists. If either of them exists, the Transmission app is infected, and we suggest you delete this version of Transmission.
- Using 'Activity Monitor', preinstalled in OS X, check whether a process called 'kernel_service' is running. If so, double-check the process, select 'Open Files and Ports' and check whether there is a file name like '/Users//Library/kernel_service'. If so, the process is KeRanger's main process. We suggest you terminate it with 'Quit > Force Quit'.
- After these steps, we also recommend that users check whether the files '.kernel_pid', '.kernel_time', '.kernel_complete' or 'kernel_service' exist in the '~/Library' directory. If so, you should delete them.
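The three checks above can also be run from Terminal. The shell function below is an added example, not code from Palo Alto Networks or from the original article; the name keranger_check and its two optional arguments (a path prefix and a home directory, so the same check can be pointed at a mounted backup volume) are assumptions of this example.

```shell
#!/bin/sh
# Added example: looks for the KeRanger traces listed in the steps above.
# keranger_check [ROOT] [HOME_DIR]
#   ROOT     - prefix for absolute paths (assumption of this example);
#              empty means the live system, otherwise e.g. a mounted backup
#   HOME_DIR - home directory whose Library folder is inspected
# Prints one line per finding and returns non-zero if anything was found.
keranger_check() {
    root="${1:-}"
    home="${2:-$HOME}"
    found=0

    # Step 1: General.rtf inside the Transmission bundle marks an infected copy.
    for f in \
        "$root/Applications/Transmission.app/Contents/Resources/General.rtf" \
        "$root/Volumes/Transmission/Transmission.app/Contents/Resources/General.rtf"
    do
        if [ -e "$f" ]; then
            echo "INFECTED_APP $f"
            found=$((found + 1))
        fi
    done

    # Step 2: a running kernel_service process (only meaningful on the live system).
    if [ -z "$root" ] && pgrep -x kernel_service >/dev/null 2>&1; then
        echo "PROCESS kernel_service is running"
        found=$((found + 1))
    fi

    # Step 3: files KeRanger leaves behind in ~/Library.
    for name in .kernel_pid .kernel_time .kernel_complete kernel_service; do
        if [ -e "$home/Library/$name" ]; then
            echo "LEFTOVER $home/Library/$name"
            found=$((found + 1))
        fi
    done

    echo "TOTAL $found"
    [ "$found" -eq 0 ]
}
```

Run keranger_check with no arguments on the Mac itself; a non-zero exit status means at least one trace was found and the removal steps above apply.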
5. Filezip, also known as Patcher (February 2017)
Security researchers found and identified the Filezip ransomware posing as "patcher" applications that can be downloaded from piracy sites.
Patcher applications are intended to illegally modify popular commercial software such as Adobe Photoshop or Microsoft Office so that it can be used without purchasing and/or entering a license code.
When a user tries to run the patcher application, Filezip encrypts the user's files and places a 'README!.txt', 'DECRYPT.txt' or 'HOW_TO_DECRYPT.txt' file in each folder, in which the ransom is demanded (0.25 Bitcoin; about 335 euros).
Notably, as with many examples of ransomware on Windows, Filezip cannot actually decrypt files, so paying the ransom is pointless.
How to clean Filezip
Simply delete the patcher file from your hard drive. Security company Malwarebytes has since found a way to decrypt files affected by Filezip for free, although the process is complicated.
Can Macs be affected by WannaCry?
In short, no. WannaCry takes advantage of a bug in the Microsoft Windows file sharing system, a technology called SMB.
When WannaCry infects a single computer on a network – usually because someone has opened a malicious email attachment – it uses the SMB bug to install itself on all other unpatched computers on the network.
Macs also use SMB as their default file sharing technology, so you might think that Macs could be affected as well.
However, Apple uses its own custom implementation of SMB. Although this is fully compatible with Microsoft's version, it doesn't suffer from the same bugs or security holes, so it is not affected by WannaCry – or at least not by WannaCry in its current form.
The iPhone, iPad, Apple TV and even Apple Watch do not use SMB file sharing, so, in theory, they are not at risk from WannaCry.
Can Macs be affected by Petya?
Petya is another ransomware attack, similar to WannaCry, which affected computers in Europe and the United States in late June 2017.
Petya hit some major companies and, like the earlier WannaCry attack that affected the NHS in the UK, spread quickly to Windows computers on the same network.
Computers were infected through a vulnerability in Windows for which Microsoft has released a patch. Many antivirus companies have updated their software to defend against Petya.
Petya's ransom note demands a payment of $300 in Bitcoin as a ransom. However, the authors are believed to be amateurs, because the ransom note gives the same Bitcoin address for every victim and provides a single contact email address which, of course, has already been shut down.
It is possible that the attack was directed at the Ukrainian government rather than intended as a source of income.
How to protect your Mac from ransomware
Although at the time of writing there have been no serious outbreaks of ransomware on Macs (or on any other Apple hardware), security researchers believe it is possible.
Speaking on CNBC's "Squawk Box" program following the high-profile WannaCry attack, Aleksandr Yampolskiy, CEO of SecurityScorecard, stressed that Apple users are at risk from WannaCry-type attacks, even if that particular incident only affected Windows.
"It is possible that this attack is aimed at Windows computers," he said. "But Apple is at risk of being attacked by similar types."
So, let's suppose that you have been infected. What should you do if your Mac is infected?
1. Don't panic
Take your time to assess the situation, and stay calm: there is certainly a solution.
2. Clean up
Use a malware scanner like the free Bitdefender Virus Scanner to look for the ransomware and remove it.
You are unlikely to be the only person affected by the ransomware, so watch for news on specialist websites such as iGamesNews.com to learn more about the type of infection.
You will probably find instructions on how to clean up the infection if the virus scanner is unable to do so.
A security researcher may even have found a way to decrypt your files for free, something that happened with the most recent ransomware identified on the Mac.
3. Don't pay
As the outbreaks of Mac ransomware examined in this article show, there is a good chance that paying will not get your files back.
4. Unplug and disconnect storage
The only example of real ransomware seen so far on the Mac – KeRanger – also tried to encrypt Time Machine backups, in an attempt to prevent the user from simply restoring files from a backup.
So, when you discover that your Mac is infected by ransomware, you should minimize the chance of backups being encrypted by immediately unplugging any removable storage, such as external hard drives, and disconnecting from any network shares by clicking the eject icon that appears next to their entries in the Finder sidebar.
5. Install 'RansomWhere?'
Consider installing the RansomWhere? app. This free app runs in the background and watches for any activity that resembles file encryption, such as occurs during a ransomware attack.
It then halts the process and tells you what is happening. Some of your files may still end up encrypted, but hopefully not many.
6. Basic phishing protection
As with many examples of ransomware and other malware, WannaCry initially infects computer networks through phishing attacks. Never open unexpected email attachments, even if they appear to come from someone you know, and no matter how important, interesting or salacious they seem.
7. Do not use untrustworthy software
The latest ransomware on the Mac tried to spread by way of "cracked" or downloaded apps designed to let you use it
8. Always make sure your system and applications are up to date
On a Mac you can configure automatic updates by opening 'System Preferences', which you will find in the Applications list in Finder, and selecting 'App Store'.
Next, check the box 'Automatically check for updates' and check all the boxes directly under this heading.
9. Only install from official websites
If a pop-up window suddenly appears saying that one of your browser plugins is outdated, for example, make sure you update only from the official website for that plugin, such as the Adobe website if it is the Flash plugin.
Never trust the link provided in the pop-up window. Hackers often use these pop-up windows and fake websites to distribute ransomware and other malicious programs.
10. Always back up, then disconnect
If you have a backup of your files, then it doesn't matter if ransomware attacks, because you can simply restore them.
However, the KeRanger ransomware outbreak also tried to encrypt Time Machine backups, so you may choose to use a third-party application such as Carbon Copy Cloner to back up your files.
You may be interested in reading: how to back up a Mac.
However, it's not enough just to make backup copies of your Mac. To be really sure, you have to disconnect your backup drive after the Mac has backed up; this way the drive cannot be encrypted.
How can I protect my iPhone or iPad from ransomware attacks?
iOS devices such as iPhones and iPads are built from the ground up to be much more secure than Macs, so ransomware that arrives through some form of malware infection will find it very difficult to take hold.
We have certainly seen no examples so far, or at least none on iOS devices that have not been jailbroken.
However, iPhones, iPads and Macs are all susceptible to iCloud hijacking, a form of ransom attack in which a criminal uses passwords obtained from one of the big security breaches to sign in to and take over a user's iCloud account.
Then, by changing the password and using the 'Find My iPhone' service to remotely lock the iOS device or Mac, they send the user ransom demands to regain control.
They tend to threaten to wipe the device or Mac as well. The first attack of this kind was Oleg Pliss in 2014.
However, even though an actual ransomware infection is unlikely, it certainly makes sense to keep your iPhone or iPad fully updated to have the best protection against any potential threats.
When a new iOS update is available, a notification will appear next to the 'Settings' app, and you can update by opening 'Settings' and then tapping 'General > Software Update'. (Note that there is no way to configure automatic updates for iOS.)
Any app that claims to provide antivirus scanning for iOS devices is likely to be questionable, because all iOS apps run in a sandboxed environment, so they cannot scan other apps or look for malware.
Should I use an antimalware application, then?
It may surprise you, but Macs already have antimalware built in, courtesy of Apple.
XProtect runs invisibly in the background and scans all downloaded files as part of the normal file quarantine process.
XProtect is constantly updated by Apple with new malware definitions. You can see how frequently it is updated by following these steps:
- To open System Information, click 'Apple > About This Mac', then 'System Report'.
- Select the 'Software' heading in the left column and the 'Installations' heading below it.
- Click the 'Install Date' column heading to sort the list by most recent, and look for entries that read 'XProtectPlistConfigData'.
XProtect was how Apple managed to defeat KeRanger, perhaps the biggest ransomware threat the Mac has faced to date, before it had much chance to claim victims.
In addition, the most recent ransomware for Mac, Filezip, has been added to XProtect.
Combined with other built-in security measures, such as file quarantine and Gatekeeper, which prevents the user from running apps or opening documents downloaded from unknown websites, the Mac is better protected against ransomware than you might think.
However, there is certainly nothing wrong with using an on-demand virus scanner like Bitdefender Virus Scanner, even if you will find it reports many false positives in the form of Windows viruses in things like email attachments.