
First real OS X ransomware

researchcenter.paloaltonetworks.com/.../

Developer certificate revoked for this one, and now supposedly cataloged in XProtect (however, my latest 10.8 XProtect is still showing 2/10 for last update -- maybe doesn't affect 10.8?), but no reason to think it will stop with Transmission or other torrent clients. Will most likely move on to other kinds of downloads/programs, not just torrent clients. $99 for Apple code signing certificate from Apple is cheap. The cost of doing business -- a trifle compared to the haul they can make in a few days before the certificate is revoked. As soon as one is revoked, they will just get another.


At the moment, can't gain persistence, but expect that won't last long. And probably won't take long before anyone can buy this as a kit.

Will Sophos stay on top of this, now and through the inevitable variations, and protect?



  • We published detection for the known variants of the DMG as well as the binary Mon, 07 Mar 2016 12:19:11 +0000 as part of the IDE "tesla-cj.ide". It's our intention to stay on top of the current variant as well as future variants and publish updates as rapidly as possible. The automatic updating mechanism works pretty well, in this regard.

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development
