How to Recover From the iOS Ransom Attack

By Wayne Rash  |  Posted 2014-05-27

The iOS ransom attacks that started in Australia and have since spread to the U.S. and Europe may be annoying or even frightening, but you don't need to panic. You can kick the bad guys out and get your device back fairly easily. Here's how.

At this point, nobody knows for sure how hackers got their hands on a slew of Apple IDs and passwords, which they then used to lock a bunch of iOS devices that they're now trying to hold for ransom. But because Apple uses an email address for its Apple ID, it's not hard to guess how it happened.

What probably happened is that the hackers got their hands on a bunch of email addresses and passwords, which they then tested to see whether any of them were also Apple IDs. Those that were got locked and ransomed. Those that weren't could be used for something else, such as future hacking of Microsoft or Google IDs. But how it happened isn't important; what really matters is how to get your device back.

We'll start with the easy solution first. If you're running iOS 7, then Apple had you create a 4-digit PIN when you set up the device. Assuming you did this, all you have to do is swipe to unlock the device, then enter your PIN. You'll have the device back, but before you do anything else, you should change your Apple ID and come up with a new password that's reasonably secure.

Next comes the harder solution. Suppose you didn't choose a PIN. Then you have to use the "Device Disabled" procedure that Apple lays out for you. But don't try this option using iTunes since the Bad Guys already have your Apple ID and password. Instead, use the "Recovery Mode" procedure. You'll still need iTunes, but by then you'll also have had the chance to change your Apple ID and password.

Note that the Recovery Mode will erase your device and restore it to whatever was installed on it when it was new, including the old version of iOS. If you've been at all careful about backing up your device, you can restore it from your most recent backup, but remember that you'll need to update iOS before you can do that. While you're doing this, make sure you also change the Apple ID and password on your iCloud account.

Now that you've gotten control of your iOS device back, chances are you want to prevent the same takeover and ransom process from happening again. There are several things you can do.

First, if you don't have a 4-digit PIN enabled on your device, set one up and don't use anything obvious such as 1-2-3-4. If the hacker has your PIN, they can change it and you won't be able to recover from that.

In addition, make sure your Apple ID uses a secure password—not something that's easily guessed, such as "password."

You may also want to use an email address for your Apple ID that's not used for anything else. Using the iCloud email system probably won't help much, however, since you have to use your Apple ID to get into it. Fortunately, there are plenty of other free email services around that you can use, especially if that's the only thing you use it for.

Apple has also created a two-factor authentication process that you can use to protect your Apple ID. Two-factor authentication works by texting a four-digit number to your cell phone, which you type into the screen when requested at the time you try to revise your account. You can also require it for making purchases or asking Apple Support for help with your Apple ID.

To set up two-factor authentication, go to the Apple ID management page and click on the "Manage your Apple ID" button. Once you've signed in, go to the Password and Security section and select Two-Step Verification. Follow the instructions. Apple has provided a helpful FAQ for managing two-factor authentication.

There is one other method of getting past the ransom demands if your iOS device is managed through an enterprise mobile management system. Simply call your system administrator and request that your device get a remote wipe. That accomplishes the same thing as the system restore, but doesn't require that you fumble with buttons or connect with iTunes.

The iOS ransom demands highlight two facts about iOS device management that are important to remember. First, keep your device backed up so that restoring it is no big deal. If you want to make sure it's really secure, then save an encrypted backup to iTunes as well as backing up to iCloud. The second is a problem that goes beyond iOS, and that's the now pervasive use of email addresses as a login credential.

The problem with using an email address is that it's public, so no guessing or hacking is required to learn it, meaning that anyone wishing to break into an account needs to guess only the password. One way around this is to create an email account that is used for nothing but providing a login address. The second way is to use a fake email address (most login routines are looking only for the name@domain.something format) and then tell whatever site you're using what your real e-mail address is.

Either way, guarding your login information, including the user name, is a critical part of your security, so along with protecting it, change it every few months. These addresses are prime hunting grounds for hackers, so don't make it any easier than necessary.
