New Ransomware Scam Targetting iOS Devices Through Find My iPhone Exploit

New Ransomware Scam Targetting iOS Devices Through Find My iPhone Exploit

We are warning all of our customers with iPhones and iPads that they should immediately back up their devices either to their iCloud account or to their personal computers. Several news outlets have reported that hackers are using a Find My iPhone exploit to remotely lock-up iPhones and iPads.

The “Find My iPhone” feature is an important safety mechanism that allows a user to lock-down and erase sensitive data in the event that their device is lost or stolen. However, in the wrong hands, this feature can be used to disable devices and, in the case of this attack, demand a ransom to reactivate it.

The hackers are using a classic attack known as “phishing” to set up sites that look like legitimate Apple websites. The user enters their email and password into a form on the sites, thinking they are accessing a legitimate website, but are actually sending their credentials to hackers. The hackers then use this information to access and lock the devices using the “Find My iPhone” feature to demand a ransom in exchange for unlocking the device.

Again, if you haven’t done so already, backup your data to iCloud or your computer. (It’s important to note that iCloud’s Photo Stream will only store your last 1,000 images, so users with a large number of photos should definitely back them up to their computer.) Users are being asked to bring their devices to the nearest Apple store if they’ve been compromised. There, they can get their phones unlocked. However, doing so requires a hardware reset, which means that all data on the device will be lost. This is why it is extremely important to set up your iCloud account and backup your data immediately. Doing so is the only way to get your photos, pictures and music back after a hardware reset.

For more information on this attack, visit BGR.com or ArsTechnica.com.