Get a detailed analysis of the ransom scam via firstname.lastname@example.org or email@example.com and unlock a hijacked MacBook, iPhone or iPad without wasting money.
As far-fetched as it may sound, one of the most popular techniques for hacking an Apple device boils down to performing certain manipulations via a specific page on the vendor’s official support portal. The only prerequisite is to have a potential victim’s Apple ID and password to log into the service. Intrigued? This is exactly the way threat actors are locking down numerous users’ iPhones, iPads or MacBooks remotely. Those affected discover that their device has become inaccessible out of the blue, with a lock screen asking for a 4-digit PIN to sort things out. To get this PIN, victims are instructed to send an email to firstname.lastname@example.org or email@example.com.
Let’s now scrutinize the anatomy of this hijack. First, a cybercriminal gets hold of one’s Apple ID and the corresponding password to access the victim’s personal Apple account. It’s hard to say for sure where crooks get this information. Some security analysts argue that the source can be a dump of these credentials via Dark Web forums. Another guess is that the felons brute-force the passwords or deploy dictionary attacks to figure them out. One way or another, someone motivated by financial gain trespasses on one’s Apple account. Then, they enable a feature called “Find My iPhone” on behalf of the hacked user. This functionality allows locking a device remotely. Furthermore, the perpetrator enters a custom message to be displayed on the screen of the gadget.
The wording tends to be as follows: “Lost iPhone. Write to email: firstname.lastname@example.org.” Another variant of the lock text, displayed on MacBooks, goes: “Your computer is disabled. Write to email: email@example.com.” Note that the email addresses are interchangeable for different types of hijacked devices. If you try to enter a random code, the screen will simply say, “Wrong passcode. Try again.” Of course, everyone’s next move is to shoot a message to the indicated address. Once this is done, the victim gets an auto-reply (see screenshot above) that says, “Hello. Your device is locked. To activate the device. Pay $50 to the Bitcoin Address: [hacker’s Bitcoin wallet]. After payment inform us and we will send your access code. Time for payment is 24 hours. If we do not receive payment from you within 24 hours, you device will be blocked.”
Ultimately, the user is coerced into paying money to get their device unlocked. One of the main takeaways from this type of incursion is that no malicious code is involved in it. Instead, it’s all about a handy feature abused in the worst way imaginable. The good news is, there is no need to submit any Bitcoins to the sleazeballs. See the workaround below.
Unlock iPhone hijacked via firstname.lastname@example.org / email@example.com hoax
As per the anatomy of this con, an efficient workaround is to reset the iCloud login credentials. To do this, go to iforgot.apple.com on a computer or other non-infected device and follow the steps below:
• Select the option that says "Forgot Apple ID?"
• Enter the requested details, including your first name, last name and email address, and click Continue.
• Fill out the personally identifiable information as instructed and answer security questions you had configured when creating your Apple ID. Alternatively, you can select the "Get an email" option and receive an email to reset your password.
• Follow any further directions until you reset your iCloud password. In some cases, you may have to give Apple Support a phone call to explain your issue and get the reset job completed.
• Use the new password to regain access to your iOS or macOS device.
If your Mac has been locked down with the firstname.lastname@example.org / email@example.com ransom message, it’s quite likely that it already has viruses like Mac ransomware 2017 or spyware on board. This is why it’s in your best interest to check your Mac for malicious code with the Freshmac security tool.
Prevent Mac lock alert extortion using Freshmac security suite
Because the blackmail through firstname.lastname@example.org / email@example.com is typically associated with Apple ID credentials theft prior to the attack, it is strongly recommended to use a reliable security tool like Freshmac. It instantly detects malicious code that performs that sort of unauthorized reconnaissance on Macs and stops it in its tracks before it causes any damage. Freshmac is a perfect match for this purpose as it delivers essential security features along with must-have modules for Mac optimization.
This tool cleans unneeded applications and persistent malware in one click. It also protects your privacy by eliminating tracking cookies, frees up disk space, and manages startup apps to decrease boot time. On top of that, it boasts 24/7 tech support. The following steps will walk you through preventing and automatically removing Mac ransomware.
1. Download the Freshmac installer onto your machine. Double-click the Freshmac.pkg file to trigger the installer window, select the destination disk and click Continue. The system will display a dialog asking for your password to authorize the setup. Type the password and click Install Software.
2. Once the installation has been completed, Freshmac will automatically start a scan consisting of 5 steps. It scans cache, logs, unused languages, trash, and checks the Mac for privacy issues.
3. The scan report will then display your current system health status and the number of issues detected for each of the above categories. Click the Fix Safely button to remove junk files and address privacy issues spotted during the scan.
4. If your Mac keeps acting up, go to the Uninstaller option in the Freshmac GUI. Locate an entry that appears suspicious, select it and click the Fix Safely button to force-uninstall the unwanted application.
5. Go to the Temp and Startup Apps panes on the interface and have all redundant or suspicious items eliminated as well. The ransomware shouldn’t be causing any further trouble.