Hackers Are Remotely Locking Macs to Hold Them Ransom

Hackers are apparently remotely locking certain Macs and demanding affected users pay a ransom to unlock their computers, according to a string of recent reports.

The vulnerability seems to work like this: if an attacker has access to a user’s Apple ID and password, they can use the Find My iPhone feature on iCloud.com to remotely “lock” a Mac with a passcode. That passcode is set by the hackers themselves, effectively “bricking” the device for its user. The vulnerability works even when two-factor authentication is turned on, since Apple doesn’t require it for Find My iPhone — presumably for cases when a user’s primary device is the one that’s gone missing.

In many cases, affected users are also receiving messages from the attackers that demand they pay a fee to unlock their devices. Overall, the attacks don’t seem like a coordinated or widespread operation. More likely, these attacks are being performed by lone hackers.

For example, the Bitcoin wallets that the attackers are using seem to be unique to each case. In one of the reports, the wallet hasn’t received any transactions; in another case, a separate wallet has only received one, according to blockchain records.

As for how the attackers got their hands on the iCloud login and password data, there’s currently no evidence to suggest it was through a breach of Apple’s servers. More likely, the hackers found the usernames and passwords from breaches of other sites and third-party services. In many cases, the affected users probably used the same email address, username and password across multiple accounts.

The attacks seem relatively few and far between currently, but there are still enough cases to warrant concern for Mac and iOS users. One of the earliest reports seems to stretch back to early September, but the particular tactic has probably been used by hackers for quite some time.

How to Avoid Being Hacked

  • To avoid becoming a victim of this hack, you should change your Apple ID password — particularly if it’s a password you’ve used on other websites or services.
  • It might also be smart to enable two-factor authentication if it isn’t enabled already.
  • You can also check if your login information has been obtained by hackers in a breach via HaveIBeenPwned.com.
  • It’s best to use separate and distinct passwords for each and every website and service you use. Platforms like 1Password and iCloud Keychain are great tools for generating and storing passwords.
  • At the very least, try to come up with a unique and secure password for your Apple account.

If your Mac has been locked, the smartest course of action is to contact Apple Support. In many cases, impacted Mac devices will need to be wiped or restored from backup to remove the remote lock — though Apple staff can help you find the best way to go about getting your device fixed.