Jeremy, you beat me too it. I clicked on this article only to post that exact comment
Then you're both idiots; Macs are no less susceptible to comprised software or websites or even viruses, except that it's usually very hard to do anything that requires root access (even harder under El Capitan). Anyone that repeats the notion that Macs are somehow invulnerable is also an idiot, but parroting the phrase every time a Mac related malware article comes up is just as idiotic.
This ransomware can only encrypt the entire disk if the user enters an admin password (which Transmission doesn't need), so it's probably only encrypting files in their home folder, which can easily be recovered from a Time Machine backup.
I'd be interested to find out how they intend to encrypt Time Machine backups as well, as tampering with those is hard to do even as root as you have to use a specific bypass tool to do anything to them, and even then 90% of what you do do will have unexpected (usually destructive) results, though I suppose for ransomware purposes that's enough. Point being though that this would also require an administrator password at the very least, which means that the OS X security model is working just fine.
Gatekeeper is also not failing here; if you sign your software with a valid developer certificate then it'll let it pass, which is entirely by design so again, working correctly. However, Apple can revoke malicious certificates (and will presumably do-so in this case). You also have to pay for a developer license to get one, so unless they're using a stolen certificate Apple will also have details to track or send to law enforcement.
There may be an argument here that OS X should track certificates used to sign apps and flag any that have changed to a different developer unexpectedly.
Facebook
Twitter
Instagram