Hackers are locking and ransoming Macs: How to protect your Mac

“Apple [Mac] users: If you haven’t made your iCloud password strong and unique, today might be a great day to do so,” Henry T. Casey reports for LAPTOP.

“We’re seeing reports of online ne’er-do-wells taking advantage of a long-existing system-locking tool in iCloud’s Find My Mac feature, which isn’t locked behind two-factor authentication, to lock up Macs remotely and hold them for ransom,” Casey reports. “These attacks aren’t due to a mistake, or a change in how Apple implements two-factor authentication (2FA). The company intentionally makes its Find My iOS and macOS device services — which can place a lock-code on a machine — accessible once you’ve entered your iCloud password. The reasoning is because you might have lost access to your trusted device as a result of the theft (your iPhone, for example, could be stolen from you in public).”

“We’ve argued in the past that Apple needs to find some way to implement 2FA for this service, but to no avail,” Casey reports. “Such remote takeovers have plagued iPhone users for years. But now that Apple has extended the same ‘Find My Device’ service to Macs, online criminals are using the same technique to hijack laptops and desktop computers.”

Read more in the full article here.

MacDailyNews Take: Use unique passwords. If you haven’t already done so, enable two-factor authentication.

You can also turn off Find My Mac via System Preferences > Internet Accounts > iCloud > Find My Mac.

If you’re affected, contact Apple Support.


  1. Does that really “lock” everything? If you just start up from a system install USB can you access all the data that way? And what if you just turn off your Internet and restore from backup?

  2. I went to the iCloud preference pane to turn off “find my Mac”. Your tip was to turn it off under “iCloud” under “Internet Accounts”. Can someone explain why settings seem to be duplicated in “Internet Accounts” and other preferences such as iCloud, Mail, etc.?

  3. Ahem. This issue has been going on since 2016. It hit the security sites again in July, 2017.

    Thanks for catching up Laptop Mag! August Effect in September, apparently.

    In March 2016, Thomas Reed @Malwarebytes wrote this article (which @#%&^ WordPress isn’t allowing me to link):

    An iCloud scam that may be worse than ransomware

    “Ericka said her computer was asking for a six-digit code, and that a Russian hacker was asking for payment in exchange for the code. This sounded like more than a simple scam pop-up.

    From the screenshots she sent me, it soon became clear what had happened. The hacker had somehow gotten access to Ericka’s iCloud account.”

    1. Q: So how does this happen?

      A: Here are a few reasons how:

      1) You’ve been Phished. You received an email that faked itself as being from Apple. You clicked on the link in the Phishing email, were presented with a fake Apple interface, you did what it told you to do, which was to Log In. Oops. You just gave away your ID and your PASSWORD.

      Phishing attacks these days are relentless and endless. Expect them. Question every email. Click on nothing inside email unless you’ve verified that the email is bone fide. Verify.

      2) You’re the victim of a ‘Dictionary Attack’. Someone guessed your Apple email address, aka your Apple ID. Then they attempted to log into Apple over and over via a list of common passwords. Examples: ‘12345678’, ‘monkey’, ‘password’…

      3a) A website has been hacked and all its user’s account information has been stolen.

      (This literally happens every day at this point in time. I learned yesterday that thousands of companies with worthless IT staff were just as stupid at Equifax and didn’t update their Apache server software, Apache Stacks in particular. ALL those companies remain susceptible to the same hacking stupid Equifax experienced. The Apache security update they skipped is several months old. Inexcusable incompetence).

      3b) From all the stolen user data, the hackers found your account at that site and tried the same ID (email address) and password at Apple. They worked.

      They worked because you’re using the same password at multiple websites. Never do that! See MDN’s advice above. Get something like 1Password or LastPass to store all your various passwords, then memorize just one password that lets you into your password storage program. This solution works very well and with decent password managers, you can even access your passwords inside web browsers.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.