The Keranger ransomware is claimed to be modified linux ransomware trojan, this claim was made by the BitDefender company which researched the ransomware trojan.
In their blog, they state that the Mac OS X torrent client update looks virtually identical to version 4 of the Linux File Encoder Trojan.
Security of MAC OS X
Mac OS X uses the security feature called “Gatekeeper”, the gatekeeper feature allows users to restrict sources from which they can install applicatons from – but in the case with the KeRanger Trojan, the attackers had used legitimate certificates to trick the Gatekeeper into believing that it is a genuine application. This is not the first time cyber-criminals managed to circumvent Gatekeeper by misusing legitimate digital certificates. In 2013, (MAC.OSX.Backdoor.KitM.A) was found on the computers belonging to Angolan civil rights activists.