Cloud Security, Threat Management, Incident Response, TDR

Researcher: iCloud account hijacking can be used simulate ransomware attack

Having your iCloud account hijacked may be as bad, if not worse, than a ransomware attack because hackers can use Apple's Find My Mac security feature to remotely lock out a device's owner and demand payment to unlock it. 

A Malwarebytes blog post yesterday cited the recent case of a Mac user who mistakenly believed ransomware ocked her out of her computer. But in fact, a hacker had accessed her iCloud credentials, and then used Find My Mac to lock the computer and send a ransom demand message. The victim also received an email from her own iCloud address warning that her personal and bank information would be published if she did not pay within 24 hours.

“It's also important to realize that an attacker with this kind of access could remotely erase all devices connected to that iCloud account,” the blog post warns. “Worse, if you have Back to my Mac turned on, the attacker could gain access to all the data on your Mac.”

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.