Cyber Attackers Are Setting Their Ransomware Sights on Apple Devices

Cyber Attackers Are Setting Their Ransomware Sights on Apple Devices

Apple users have always enjoyed a sense of security due to the rigorous security standards of both Mac OS X and iOS. While some have always believed that Apple’s operating systems haven’t been the target of cyber attacks due to relatively low market share, others think that Apple devices are virtually immune to threats.

However, the myth that Apple devices are immune to cyber attacks has been debunked—and now Apple users are faced with increasingly dangerous threats.

While many of the Apple-focused cyber threats that have emerged in the last year have targeted jailbroken devices, recent reports have discovered attack vectors such as YiSpecter targeting non-jailbroken devices as well. Now, attackers are starting to apply concepts of the rapidly growing ransomware threat landscape to Apple users.

In February 2016, Russian hackers revived a 2014 attack campaign that has resulted in potentially hundreds of thousands of Apple devices being held for ransom, leaving many looking for a real solution to the problem.


How Attackers Are Holding Apple Devices for Ransom

Like so many other cyber attacks, the latest threat to Apple users starts with attackers compromising the users themselves. There are multiple ways this can happen—phishing campaigns, weak passwords, password recycling, etc.—but the end result is a compromised Apple ID.

When attackers gain control of an Apple ID, they can then use the Find My iPhone function to turn on Lost Mode. Apple’s Lost Mode gives users the ability to lock their lost device and set a 4-digit passcode with a message for anyone who finds the phone. The Russian attackers exploited this feature, locking the phone and displaying a ransom message with an email address to contact.

According to Salted Hash reports, ransoms were typically between $30 and $50 with a 12-hour window for users to comply before their phones were wiped clean. While this isn’t necessarily a ransomware attack (what is ransomware?), it’s clear that attackers are opting for ransomware-style threats to exploit vulnerable users and quickly make a profit.

For companies concerned with having mobile endpoints compromised, ransomware must be a key concern—even for Apple users.

Apple’s Suggestions for Protection Aren’t Enough for Real Ransomware Threats

Following this large-scale campaign of ransomware-type attacks, Apple released a support page for all those affected. While much of Apple’s advice deals with ensuring your Apple ID is solely in your possession, the main piece of technical advice is to add two-factor authentication to your Apple devices.

Two-factor authentication would certainly help in the case of this attack campaign. Rather than allowing a hacker to carry out the attack simply with a compromised password, companies can further protect users by requiring the 6-digit passcode to grant Apple ID log-in access to untrusted devices. However, two-factor authentication would do far less to defend against one of today’s ransomware families.


Attackers launch typical ransomware threats through social engineering, infecting a machine by tricking users into clicking malicious links or opening malware-ridden attachments. Once the machine is infected, the ransomware can begin encrypting files, often leaving users with no choice but to pay the ransom to unlock sensitive data.

Because the social engineering tactics don’t have to rely on weak passwords, two-factor authentication wouldn’t necessarily solve the ransomware problem. It’s only a matter of time before true ransomware attacks start targeting Apple devices. Companies must be ready.

Protecting yourself against today’s ransomware threats is no easy task—but that doesn’t mean cybersecurity teams can ignore the problem. If you want to learn more about the nature of true ransomware attacks and how to defend your network and its endpoints, download our full guide to ransomware attacks, Ransomware Is Here: What You Can Do About It.