Apple Mac OS X gets hit with KeRanger ransomware
Over the weekend, Apple Mac OS X was hit with its first complete ransomware, named KeRanger. However, the impact of the ransomware was quickly curtailed when Apple revoked the security certificate that was used for the attack.
Reporting on the KeRanger ransomware, TechCrunch states that while it was not the first ransomware for Mac devices, it was soon being described as the first complete one. TechCrunch also added that Palo Alto Networks was the first company to spot KeRanger and that, much like ransomware released for Windows devices, it came with the ability to encrypt certain files on a Mac.
In the case of KeRanger, the creators of the ransomware infected two installers for Transmission, a torrent client. Once KeRanger was placed on the main server for Transmission, the server was compromised, and people who downloaded the installer for their Mac computers received the infected version. A development certificate was used to circumvent Apple's protection system. This resulted in some users' computers being infected, but many were still able to use them in spite of the infection.
However, others have pointed out that the KeRanger ransomware typically takes a few days to become active, and this only happens once the creators connect to infected computers via servers. Soon after the KeRanger ransomware was detected by Palo Alto Networks, Apple revoked the security certificate that was used for it, so it could no longer be run. This limited the number of Mac computers that were infected with the KeRanger ransomware. Additionally, Apple has since updated the malware definitions in XProtect to protect machines against KeRanger.
Transmission, the other affected party in this attack, has also advised people who downloaded its infected 2.90 client to download and use the 2.92 version instead. The 2.92 version includes what is needed to remove the files associated with the ransomware from affected systems.