“Crackers appear to be making use of passwords from other sites that have had password breaches in the past—and iCloud accountholders re-use those passwords with their iCloud account,” Fleishman writes. “With Find My Mac enabled and your password, a criminal can log into iCloud.com and use Find My Mac (even without confirming with a second factor) to put your Mac into Lock mode with a six-digit code they create. Lock mode restarts a Mac into Recovery and locks out a normal boot.”
Fleishman writes, “I recommend the following.”
Read more in the full article here.
MacDailyNews Take: Do not pay the ransom. Use unique passwords for evert site and service. Don’t reuse passwords!