Criminals are using Apple’s Find My iPhone feature to lock people out of their own Macs.
Victims say the attackers are telling them to pay to regain access to their devices.
Users should not pay the fee, as there’s no guarantee the criminals will honour their word. Instead, they should report it to Apple.
The issue, which was first spotted by MacRumors, is that Find My iPhone allows anyone who has your iCloud login details to not only locate your devices, but remotely lock them too.
It’s a useful safety feature, which is designed to discourage smartphone thieves. However, it’s open to abuse.
Find My iPhone also lets you send a message to a device.
In normal circumstances – if you’d misplaced your phone, for instance – such a message could read “Return to [owner’s address] – £30 reward”.
However, criminals who have learnt to exploit the feature for their own gain are instead using it to tell people their device will only be unlocked if they pay a ransom.
Twitter user @bunandsomesauce said his Mac was locked using this method, and he received a message reading: “Pay me 0,01 btc (50$) to this address: 1NERE6gyCGqmgE6e1tRT32EfHMvGMNsHmf. Then i will send code to ur email to unlock ur device :)”.
It’s likely that the criminals using this method of attack found the victims’ iCloud login details online, perhaps posted on a forum in the aftermath of a previous hack.
It’s therefore important to update your passwords, and to try to use different login details for each of your accounts.
For further protection, you can disable Find My iPhone altogether, though this could backfire if you were to ever lose one of your devices.