Learn how to easily unlock iPhone or iPad hit by the firstname.lastname@example.org mobile ransomware that tries to dupe victims into submitting $50 as a ransom.
When security researchers reverse engineer an arbitrary piece of commonplace ransomware, they dissect its code in a bid to identify weak links and thus unlock the device or decrypt the personal data stored on it. In the case of the so-called email@example.com attack on iPhone or iPad, things are entirely different. On the one hand, the incident does look like a ransomware breach, with such attributes as the warning message and payment demands in place. On the other, it turns out that there is absolutely no malicious code running on the gadget. Instead, the threat actors somehow get access to one’s Apple ID and password and use these details to activate the feature called “Find My iPhone” via the victim’s iCloud account.
This is generally a useful functionality that’s meant to help Apple customers locate their lost or misplaced device. In this scenario, though, the offenders take advantage of this option to lock the phone and even set up a custom warning message other than the default “This iPhone has been lost. Please call me”, followed by the owner’s phone number. The rogue alert says, “The device is locked. Unlock 50$. Write on e-mail: firstname.lastname@example.org”.
The victim, obviously, is told to contact the perpetrator over email and get a response with instructions on how exactly to pay the $50 fee for the unlocking. Although this looks like a serious predicament at first sight, there is so much bluff behind it. The only thing that’s real is the fact that the attacker managed to get hold of many users’ Apple IDs and other iCloud credentials. It’s likely that there was a massive dump of this information recently somewhere on the dark net. Furthermore, the infected users’ passwords were reportedly weak, which may have also become a springboard for deploying a con like this. Once the malefactor has these details, they can safely log into the target’s iCloud account, go to the “Find My iPhone” app, enter a message that will be shown on the lock screen, and activate the feature.
Therefore, this is a data breach issue rather than an actual ransomware assault. There is no bad application running on the iPhone – it’s just a social engineering attempt to persuade the victim otherwise. Fortunately, it shouldn’t take a rocket scientist to circumvent this lock. The first thing that a user should try is simply tap the unlock option at the bottom of the screen and enter their regular passcode set on the device. If this doesn’t help, be sure to follow the instructions below. Also, be sure to use strong passwords for your sensitive accounts and consider setting up two-factor authentication.
Unlock iPhone hijacked via email@example.com hoax
As per the anatomy of this con, an efficient workaround is to reset the iCloud login credentials. To do this, go to iforgot.apple.com on a computer or other non-affected device and follow the steps below:
• Select the option that says "Forgot Apple ID?"
• Enter the requested details, including your first name, last name and email address and click Continue.
• Fill out the personally identifiable information as instructed and answer security questions you had configured when creating your Apple ID. Alternatively, you can select the "Get an email" option and receive an email to reset your password.
• Follow any further directions until you reset your iCloud password. In some cases, you may have to give Apple Support a phone call to explain your issue and get the reset job completed.
• Use the new password to regain access to your iPhone or iPad.
Use security software to prevent iPhone hijacking
Infections like the firstname.lastname@example.org locker can obtain your sensitive credentials through unprotected connections. Logging into public Wi-Fi networks and visiting compromised sites can get the gadget exposed to malware and man-in-the-middle attacks. It’s therefore strongly recommended to use automatic protection during web surfing.
1. Download and install SurfEasy VPN (read review). This app accommodates Wi-Fi security as well as privacy and identity protection features
2. Make sure SurfEasy Protection is turned on throughout Internet browsing sessions. The application will encrypt all traffic, prevent ad tracking, anonymize online activities and secure the iOS device when it’s connected to Wi-Fi hotspots.