Macs under attack, hackers block remote access. How to defend yourself

Thanks to a flaw in the Find My iPhone service, hackers are blocking several Macs remotely and demanding a ransom to unlock the PC

Hackers are targeting Mac users. Cyber criminals, in fact, are remotely locking several Apple home computers by exploiting a flaw in passwords and Apple ID codes. In order to defend themselves against this new hacker threat, it is not even enough for users to use two-factor authentication.

Apple itself has advised all Mac users to change the password used on the computer as soon as possible. According to the first research of cyber security companies, cyber criminals use a vulnerability in the Find My iPhone application to receive a list, including ID codes, of many Macs around the world. Using the code, hackers remotely lock the device. Two-factor authentication, even if active, is not an extra factor for protection at the moment. This is because two-factor verification is not required by default to access the Find My iPhone service.

The Ransom to Pay

Once the Mac is remotely locked, cyber criminals send a message to the victim requesting a payment of approximately 50 Euros in bitcoin to gain access to the device again. Once the payment is made, the hacker sends the victim the new six-digit code needed to unlock the Mac. Apple has already stated that it is working to fix the problem and a patch for the Find My iPhone service will be released soon and more generally security on Mac devices should also be improved. To create secure passwords for Mac you can use third party services and applications like Lastpass or 1Password. If you don't want to use a third-party service, remember to create passwords that are difficult to crack and that don't have clear references to our name or our less confidential information. The advice, in order to defend ourselves from this new cyber threat, is to update our Apple credentials as soon as possible, because there is a possibility that our password can be found among the compromised servers and can easily end up in the hands of a cyber criminal.