
A New Form Of Ransomware

In addition to the traditional ransomware that everyone knows about, the AdultFriendFinder breach I wrote about earlier has the hackers blackmailing users of the site.  Now, mSpy clients are being extorted too.

Brian Krebs is reporting that hackers are using the mSpy breach to extort iPhone users.  Apparently, users who have mSpy installed are asked for their iTunes userid and password so that mSpy can extract data from iCloud.

mSpy is used to spy on your “loved ones” – strange concept – so you install it on their phones.  But they are not supposed to know it is there.  What is not clear to me is whether the iTunes accounts of the spyees or spyors or both are in the hacked data.  From what I have read, it appears to be the spyee – hence they don’t know that their accounts have been compromised.

With all the user data from mSpy now available on the dark web, hackers are, very quickly, extracting those iTunes userids and passwords from the hacked data.

Next, using Tor, the hackers can log into iTunes using those ill-gotten credentials and, using the find my phone feature, wipe the phone, set a message that says the phone has been hacked and tell the owner that the only way they can get it back is to pay a ransom.

Since most Apple users rely on the Apple ecosystem for backups and the hackers have control of the user’s iTunes/iCloud account, the user, their phone, their data and their backups are all under the control of the hackers.  Assuming that the hacker has taken over their iTunes account, I don’t think they would be able to access their backups in iTunes on their Mac or PC, if they exist.

So, do you pay the ransom?  Or not?  A dilemma.

And, if you do, will the hacker return control of your iTunes account and phone?

One thing to consider is backups completely outside the Apple universe.  At least then you could get your data back.
