NEW YORK — For the first time, security experts say, a dangerous form of software called “ransomware” has successfully targeted a Mac operating system, piercing an image of safety that Apple customers had long enjoyed.
The attack, while noteworthy, affected a relatively small number of people and doesn’t mean that typical Mac users should panic, experts say.
The software, when installed on a victim’s computer, denies a user access to files unless a ransom is paid: about $400. It targets files that users would most likely find important: photos, videos, Excel spreadsheets, and Word documents.
Two analysts from the California-based security firm Palo Alto Networks, Claud Xiao and Jin Chen, discovered Friday that the ransomware was infecting downloads of Transmission, a legitimate BitTorrent file-sharing application, they said in a blog post.
About 6,500 users had downloaded the infected software over the weekend, a Transmission official told Forbes. That’s a small fraction of overall Mac users; Apple sold 5.31 million Macs in the first quarter of 2016.
Attackers had compromised Transmission’s website, changing its download link to include both the Transmission software and the ransomware, according to Ryan Olson, the threat intelligence director at Palo Alto Networks. The analysts found it about four hours after it was first uploaded, he said.
Such attacks are more common on machines running Windows, which has far more users, and have grown increasingly common in the past six to 12 months, Olson said. But even though Apple has had a good record of keeping dangerous software off computers, the successful attack could decrease user confidence, he said.
“It’s important to be aware that nothing is 100 percent,” he said in a telephone interview. “And every time we find a new one of these, that’s just another signal that 100 percent is not possible.”
Apple revoked a certificate that allowed the software to be installed on Macs, according to Reuters, and Transmission removed the download link from its website Saturday, Palo Alto Networks said.
The ransomware, named KeRanger, would “sleep” for three days after being downloaded before encrypting the victim’s files, Olson said.
Such attacks have had destructive effects, largely because they often work. In February, a hospital in Los Angeles paid hackers $17,000 in Bitcoin after its computer system was down for more than a week.
Computers running Windows are often infected when users click a malicious link in an e-mail or one hidden in an advertisement. Once their machines are infected, users often have no choice but to meet the hackers’ demands.
Mac users have historically enjoyed more security from malicious applications, said.
“Apple has a lot of gates in the way to prevent that from being successful,” he said.
While Apple and Transmission responded quickly to limit the damage, the episode illustrates the value of backing up important files, Olson said. The effect of ransomware is much like a laptop falling into the river — the damage can be limited if your important files exist somewhere else, he said.