Ransomware Attacks Target Apple Users Via iCloud
A recent rash of ransomware attacks has left some Apple users locked out of their Mac computers and iOS devices. The nature of the attacks led some users to wonder if Apple itself had suffered some kind of hack. The good news is that the situation does not appear to be an Apple hack. The bad news is that hackers have somehow managed to get their hands on login credentials for some users.
Hackers are attacking users by logging into their iCloud accounts and enabling the “Find My iPhone” function. This feature locks the iOS or Mac device until the user inputs a six-digit code. The attackers, of course, hold onto the six-digit code and demand that users pay a Bitcoin ransom to regain access to their devices.
Find My iPhone, of course, is designed to help users locate and secure lost devices. As a result, even if a user were to reset or reformat their device, it would still be locked.
There are a few steps that users can take to protect themselves. Here are a few precautions to implement right away:
- Change your iCloud password: The root of this ransomware issue is leaked or stolen iCloud credentials. It isn’t currently clear what the source of these credentials was, but it is clear where the vulnerability lies. By changing your iCloud password—preferably to something you have never used on another device or website—you can preempt any attack against you.
- Turn off Find My iPhone: This step might sound like a nuclear option. However, given that Find My iPhone is the method hackers are using to lock users’ devices, shutting it off can definitely provide protection. Given that we don’t know where hackers got ahold of user information, this strategy might be a smart temporary precaution. However, know that if you turn off Find My iPhone, you are also surrendering the protections you will likely want to use if you do lose a Mac or iOS device. You won’t be able to track, lock, or wipe your device if it ends up getting lost or stolen.
- Enable two-factor authentication: Two-factor authentication can keep attackers from fiddling around with your settings—at least so long as they don’t have one of your Apple devices in hand. With two-factor authentication enabled, Apple sends a special code to your trusted devices every time you try to change iCloud settings. At the very least, this step can provide you with an alert system to let you know that someone is accessing your account. At most, it might prevent attackers from enabling the Find My iPhone lock feature.
While any ransomware scenario is bad, this one at least seems to be relatively contained. Taking all or some of the steps listed above should keep you, your devices, and your data safe.