How to Recover From the iOS Ransom Attack

NEWS ANALYSIS: If you get a message demanding a ransom from your mysteriously locked iOS device, don't panic and don't pay the $100 (or Euro) ransom. There are ways to escape from this jam.  

iOS Ransom Attack

The iOS ransom attacks that started in Australia and have since spread to the U.S. and Europe may be annoying or even frightening, but you don't need to panic. You can kick the bad guys out and get your device back fairly easily. Here's how.

At this point, nobody knows for sure how hackers got their hands on a slew of Apple IDs and passwords, which they then used to lock a bunch of iOS devices that they're now trying to hold for ransom. But because Apple uses an email address for its Apple ID, it's not hard to guess how it happened.

What probably happened is that the hackers got their hands on a bunch of emails and passwords, which they then used to see if they constituted Apple IDs. Those that did got locked and ransomed. Those that didn't could be used for something else, such a future hacking of Microsoft or Google IDs. But how it happened isn't important, what really matters is how to get your device back.

We'll start with the easy solution first. If you're running iOS 7, then Apple had you create a 4-digit PIN when you set up the device. Assuming you did this, all you have to do is swipe to unlock the device, then enter your PIN. You'll have the device back, but before you do anything else, you should change your Apple ID and come up with a new password that's reasonably secure.

Next comes the harder solution. Suppose you didn't choose a PIN. Then you have to use the "Device Disabled" procedure that Apple lays out for you. But don't try this option using iTunes since the Bad Guys already have your Apple ID and password. Instead, use the "Recovery Mode" procedure. You'll still need iTunes, but by then you'll also have had the chance to change your Apple ID and password.

Note that the Recovery Mode will erase your device and restore it to whatever was installed on it when it was new, including the old version of iOS. If you've been at all careful about backing up your device, you can restore it from your most recent backup, but remember that you'll need to update iOS before you can do that. While you're doing this, make sure you also change the Apple ID and password on your iCloud account.

Now that you've gotten control of your iOS device back, chances are you want to prevent the same takeover and ransom process from happening again. There are several things you can do.

First, if you don't have a 4-digit PIN enabled on your device, set one up and don't use anything obvious such as 1-2-3-4. If the hacker has your PIN, they can change it and you won't be able to recover from that.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...