Ransomware: Malicious software that encrypts your files and then demands payment to unlock them – has become a major scourge of the Windows world.
Mac users just had their first brush with such threats this month, with the appearance of the KeRanger ransomware. However, a ransomware scam in the Mac world is far worse than anything seen for Windows.
This hack seems to have turned an iMac into an expensive paperweight.
This is nothing like the countless web-based scams out there, pretending to be ransomware, but easy to get rid of. After accessing your iCloud account, a cyber criminal is able to remotely lock your computer using iCloud’s Find My Mac feature.
Shortly after being locked out of your device you will receive an e-mail message, in broken English, from your own iCloud address. The message says that the cyber criminal has access to all your bank accounts, personal information, etc, and will publish it if you do not respond within 24 hours.
This is a pretty serious threat, and quite different from the typical Windows malware. Unfortunately, the it does not end there. Apple designed Find My Mac/iPhone as an anti-theft feature. It is intended to allow you to take a number of actions on a lost or stolen device, including displaying a message, locking it, locating it physically and even remotely erasing it.
Apple is focused on trying to ensure the security of your devices, and that’s a good thing. You don’t want a thief to be able to bypass this security and gain access to your data. In this case, however, that security has backfired. Without proof of ownership, Apple won’t help unlock it. So unless you still have your receipt you will be out of luck. This reluctance to unlock a device is generally a good thing for those whose devices have been stolen. However, in this case, with a ransom message displaying on the locked iMac, one would think that an Apple tech should have escalated this case to someone who could make a more informed decision.
It’s also important to realize that an attacker with this kind of access could remotely erase all devices connected to that iCloud account. Worse, if you have 'Back to My Mac' turned on, the attacker could gain access to all the data on your Mac.
First and foremost, make sure that your iCloud account has a very secure password. Longer is better. As long as your password is long, and is not a quote from a book, movie, song or other media, and it’s not a common expression, and it’s not something that could be guessed with a little cyberstalking, it does not need to be horribly complex. A password like “horse airplane rutabaga flashlight” is far more secure than a complex but shorter password like “h@c|<m3.”
Second, DO NOT use the same password on any other site! Ideally, every online account should have a different password, and you should be using a password manager (like 1Password or LastPass) to keep track of all of them. This prevents situations where a server gets compromised and leaks your password, and then the cyber criminal is able to use that password to access all your other accounts.
Finally, be sure to turn on two-factor authentication on your iCloud account. This ensures that access to your iCloud account is restricted only to someone in possession of one of your designated “trusted” devices. That makes it significantly harder for a cyber criminal to remotely access your account!
Of course, beyond that, it would also be wise to ensure your computer is thoroughly backed up. This will ensure that any disaster – whether ransomware, iCloud hack or just plain bad luck – doesn’t also claim the life of your valuable data.
-Z
Thanks for reading! If you find our content helpful please consider donating a penny or two on our Patreon page(Seriously, that would make our day!). If you can't make a donation, please share this site with your friends and family!
If you do not have anti-virus or backup software we recommend Avast! and Carbonite. Both can be purchased and downloaded from our site, or we can install them for you!
Don't forget to like us on Facebook!
I was told that Macs do not get viruses, is this not true? I was considering switching over to Apple because of that, but if they do get viruses is it worth switching over?
ReplyDeleteIt comes down to personal preference. Macs do get viruses, many people believe that they do not, but they do. In the past most people used Windows computers, so there was no benefit to writing viruses for Macs. Now that a lot of people are using Macs, people do write viruses for them.
DeleteThey are definitely different from Windows computers, you may find that to be a good thing, maybe not. I suggest you go to the Apple display over at Bestbuy and play around with one before switching over.