How to Recover From the iOS Ransom Attack

By Wayne Rash  |  Posted 2014-05-27 Print this article Print
iOS Ransom Attack

In addition, make sure your Apple ID uses a secure password—not something that's easily guessed, such as "password."

You may also want to use an email address for your Apple ID that's not used for anything else. Using the iCloud email system probably won't help much, however, since you have to use your Apple ID to get into it. Fortunately, there are plenty of other free email services around that you can use, especially if that's the only thing you use it for.

Apple has also created a two-factor authentication process to protect your Apple ID that you can use. The two factor authentication works by texting a four-digit number to your cell phone, which you type into the screen when requested at the time you try to revise your account. You can also require it for making purchases or asking Apple Support for help with your Apple ID.

To set up two-factor authentication, go to the Apple ID management page and click on "Manage your Apple ID" button. Once you've signed in, go to the Password and Security section and select Two-Step Verification. Follow the instructions. Apple has provided a helpful FAQ for managing the two factor authentication.

There is one other method of getting past the ransom demands if your iOS device is managed through an enterprise mobile management system. Simply call your system administrator and request that your device get a remote wipe. That accomplishes the same thing as the system restore, but doesn't require that you fumble with buttons or connect with iTunes.

The iOS ransom demands highlight two facts about iOS device management that are important to remember. First, keep your device backed up so that restoring it is no big deal. If you want to make sure it's really secure, then save an encrypted backup to iTunes as well as backing up to iCloud. The second is a problem that goes beyond iOS, and that's the now pervasive use of email addresses as a login credential.

The problem with using an email address is that it's public, so no guessing or hacking is required, meaning that anyone wishing to break into an account needs to guess only the password. You can get around this by creating an email account that is used for nothing but providing a login address. The second way is to use a fake email address (most login routines are looking for the name@domain.something format) and then tell whatever site you're using what your real e-mail address is.

Either way, guarding your login information, including the user name, is a critical part of your security, so along with protecting it, change it every few months. These addresses are prime hunting grounds for hackers, so don't make it any easier than necessary.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel