Find the Best solution for PC threats

KeRanger has emerged out as the First Mac OS X ransomware

OSX.Keranger Detected on Mac OS X on March 5, 2016

Threat Defination

KeRanger is first detected on March 5, 2016 on Mac OS X users through downloading compromised version of the installer for the Transmission BitTorrent client. Thus, OSX.Keranger is the new malware that is targeting users of Mac OS X operating system.



The behavior of KeRanger ransomware is similar to that of TeslaCrypt ransomware designed for windows based OS. After getting inside the target Mac OS X PC, KeRanger ransomware will scan through the PC to find important files of more than 250 extensions and encrypts them. After encrypting the files, it then displays the warning message that the victim should pay 1 bitcoin (approximately US$408). The ransomware drops a file that contains the instructions on how to pay the ransom. It is usually done through an unknown TOR network.
KeRanger Ransomware is able to bypass OS X’s Gatekeeper which is a useful MAC utility to block unwanted software programs trying to intrude from untrusted sources.

Potential Risk Involved

Since KeRanger malware has only one way to compromise the Mac OS X by malicious software, but the attackers are roaming out to find the other ways for spreading the first ever Mac OS X Ransomware KeRanger. If this attempt gets successful, then it will encourage the makers of such threats to design more number of them.

Precautions on preventing Ransomware attacks.

  • Users must keep their operating system and other recommended software up-to-date. This will fill the vulnerabilities that could compromise the software and attackers could not be able to find any flaws to get inside.
  • Keep a regular back up of your important files stored on your computer. Thus, if your computer gets infected with ransomware, those can be restored once the malware has been removed.
  • Always keep your security software up to date to protect yourself against any new variants of malware.
  • Do not open ant suspicious mail or its attachments, ignore clicking on untrusted websites or links.

How to detect OSX.Keranger on the Mac PC

It is strongly suggests that all Transmission BitTorrent app users should check whether their Macs have been infected with the aforementioned ransomware. We strongly recommend following the steps below.

  1. Use the Finder or Terminal to determine whether any of the paths exist:
    • /Applications/ General.rtf or
    • /Volumes/Transmission/ General.rtf exist.
    If you find any of the above mentioned paths, delete the Transmission application as soon as possible.
  2. Open the Activity Monitor utility and check if any process called “kernel_service” is running.

Double check each process, click “Open Files and Ports” and make sure that you don’t see“/Users/<username>/Library/kernel_service”. That’s the main process of KeRanger, so in case you have it running, choose“Quit > Force Quit”.

Check the “.kernel_pid”, “.kernel_time”, “.kernel_complete”, and “kernel_service” files in the ~/Library folder. If you locate any of these, delete them.

Note: If you are not aware of the internal structures of the files then, please do not attempt the manual instructions as it could harm other files on the computer.

  1. Scan the PC with the MacKeeper Scanner to detect the threat  and clean it completely from the PC.
  2. To restore the corrupted files Stellar Macintosh Data Recovery

Leave a Reply

Welcome To, we will provide users with latest news and information about computer threats like Adware, Spyware, Trojan, Browser Hijacker and Ransomeware. Here at, you will get all minute information about latest threats and manual removal instructions. We Hope our guides and articles help you troubleshoot your PC issues.

TotalSystemSecurity © 2015-2018