New Ransom Attack Is Targeting iOS Device Owners In US And Europe, Here Are The Details
You may remember that back in 2014, Australian iPhone owners were finding that their devices were being remotely locked and then essentially held at ransom; devices were threatened with remote wiping unless the owner coughed up a ransom.
Unfortunately, we may now be in the midst of a copycat spate of almost identical incidents, though this time around the targeted users are located mostly in the United States and Europe.
When this occurred in 2014, it was decided that iPhones were being remotely locked through the Find My iPhone service because a breach had leaked Apple IDs and passwords online. Having been procured from a third party rather than through a hack on Apple’s iCloud servers, the credentials were enough for attackers to remotely lock and then, if required, wipe the devices unless their owners paid a ransom.
A similar attack vector now seems to be in play, with a recent breach of the Mac-Forums.com database a possible source of the affected iCloud log-in credentials, although that is as yet unconfirmed.
CSO security blog Salted Hash was the first to begin putting the pieces together for the most recent spate of attacks, outlining the process attackers follow to set their ransom demands in motion.
It starts with a compromised Apple ID. From there, the attacker uses Find My iPhone and places the victim’s device into lost mode. At this point, they can lock the device, post a message to the lock screen and trigger a sound to play, drawing attention to it.
In each of the cases reported publicly, the ransom demanded is usually $30 to $50. If a victim contacts the referenced email address, in addition to payment instructions, they’re told they have 12 hours to comply or their data will be deleted.
Now seems like a very good time to make sure that all of your important accounts, especially your Apple ID, are behind secure passwords. Nice, long, secure ones. It might be worth enabling two-step verification, too!