Mac Ransomware and Backing Up

We had some sad news in the Mac community this week when the first Mac-based ransomware was found in the wild. The bad guys hijacked the popular BitTorrent client, Transmission, and managed to inject a malicious version of the app into the developer’s web site. Unwitting users downloaded and installed the malicious code, and the ransomware, called “KeRanger”, promptly encrypted the user’s drive, demanding 1 bitcoin (about $400) to unlock it.

I’ve had a few legal clients on the PC side get caught in this trap over the last several years. I guess it was only a matter of time until this found its way to the Mac.

There really is no solution for people caught in the ransomware trap. Even if you pay the criminals, who the heck knows if they will actually unlock it or, if they do, what else they will leave on your hard drive. The only real solution is to nuke and pave your hard drive.

When we first started the Mac Power Users, we spent a lot of time talking about backup. In fact we talked about it so much that we started getting complaints. Nevertheless, job one on any computer should be making certain you have a reliable backup system in place. One backup isn’t enough. It should be redundant.

I think one of the easiest ways to do this on your Mac is to get yourself an Apple Time Capsule, which makes incremental backups of your hard drive. If you add to that a copy of SuperDuper or Carbon Copy Cloner, you can make your own manual mirror image-style copies of your data on separate hard drives, which can then be put in a drawer and, more importantly, disconnected from the Internet. There’s a lot more I do and perhaps one day I will write it up in detail. It’s been several years since the last time I described my full backup regimen (Ack! 8 years!) and it has changed since then. (For instance, I no longer use FireWire 800. Grin.)

Either way, if you get yourself an external drive with a clone backup plus a Time Capsule, you’re probably in pretty good shape. More importantly, if you ever get caught with one of these ransomware clowns, you can tell them to shove it, then delete your hard drive and restore from backup.