In the past few days, a lot of Mac users have been hit by a wave of powerful ransomware attacks. Here’s how the hackers initiate this simple yet dangerous attack.
How this ransomware attack works
Hackers have once again effectively exploited the iCloud remote access features. This time around Mac users find themselves in the crosshairs of these hackers.
Here’s how a hacker initiates the attack –
- The target Mac computer is locked using the “FInd My Mac” feature.
- The attacker sets a new PIN code, thus blocking access to the actual owner completely. No matter what you do, PIN code set by the hackers can’t be bypassed because it locks your Mac at the “firmware” level.
- A message appears on the screen demanding a ransom of 0.01 Bitcoin (38 USD).
- Once the ransom is sent, the hacker sends the unlock PIN code.
Prior to initiating the hack, the hacker must have access to your Apple ID username and password. Since hacking Apple’s servers directly is not possible, the attackers rely on existing leaks and dumps of other online services.
Since a lot of users use the exact same password across several services, it doesn’t take long for a hacker to stumble upon the right combination.
Two-factor Authentication goes bust!
A lot of users consider Apple’s two-factor authentication as the holy grail of security. However, this ransomware attack tells another story.
This hack exploits the fact that Apple allows access to “Find My iPhone” feature without two-factor authentication provided your trusted device has gone missing.
If you are hit by this attack, contact Apple Support as soon as possible. Since the problem is widespread, your issue will be resolved quickly.
For all Mac users out there, I would suggest turning off “Find My Mac” if you don’t use it. Secondly, try to make sure your passwords are strong and don;t forget to include variations for different services.
For more security updates and news, follow us on Twitter and Facebook.