Ransomware and Find My Mac
Find My Mac (FMM) is a tracking feature that you can use should the worst-case scenario occur and you lose your Mac or, worse yet, it is stolen. One important point is that you must enable FMM while the computer is still in your possession. If you do, you will be able to track it, lock it and send messages to it through iCloud or the iOS app Find My iPhone.
How to Enable and Find
From the Apple menu button, click System Preferences and then select iCloud. You will need to log into iCloud using your Apple ID. If you do not have one yet, create one using the “Create an Apple ID” link. At the bottom of the list of iCloud features, you will find a checkbox next to Find My Mac. It’s that simple.
Now that FMM is enabled, you can readily find your Mac. To do this, go to iCloud.com on another computer or use the iOS app on your iPhone or iPad. Log in to your iCloud account and choose Find My iPhone. A map will appear showing the location of all of your devices. It’s important to note that a device needs to be online to appear in real time. If it is not online, you will still see its location before it went offline. You can tell which is the case by looking for a green or gray circle next to your Mac. A green circle means it is currently online, while a gray one means it is offline. It will, however, tell you what time it was online.
In addition to finding its location, you can have your Mac play a sound, which is ideal if it happens to be under a pile of papers on your desk, or you can lock it or erase it if you believe it to be in the hands of thieves. Wiping your hard disk is, of course, your last resort, but it is handy to have to ensure your personal or sensitive information does not get into the wrong hands. This one feature illustrates how important it is to have a strong password for iCloud, so that someone else cannot access your account and wipe your hard disk.
Ransomware and Hackers
Unfortunately, hackers have started using this service to hold devices for ransom. According to MacRumors, hackers recently locked several Mac users out of their computers by signing into their iCloud accounts and using the FMM system. The hackers then sent a message demanding a Bitcoin ransom in order to unlock the computer. In order to prevent this, or at least minimize the chances, be sure to change your Apple ID password, do not use the same password twice, and start using a password management program.
Hackers usually obtain your passwords when a third-party site is breached; however, in 2012, Mat Honan reported that a customer service representative from Apple tech support actually gave a hacker access to his iCloud account. Perhaps, after major security breaches such as this have been reported, Apple has altered their requirements and increased security for accessing account information. But it leaves one feeling a little insecure, to the point that some IT experts do not recommend the use of FMM. They also recommend not paying the ransom but contacting Apple customer service right away.
Disable FMM from the Command Line
It’s important to note that the information used to connect to iCloud is stored on your computer in NVRAM. Even if your hard drive is removed, this information is still available. If you are reassigning a computer or purchasing a second-hand Mac that has FMM enabled, the previous user could erase it, lock it or send messages to it. To avoid this, delete the information from NVRAM by running these commands:
$ sudo nvram -d fmm-computer-name
$ sudo nvram -d fmm-mobileme-token-FMM
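To confirm that the two variables are really gone before a Mac is handed to a new user, the check below scans `nvram -p` output for them. It is an added example, not Addigy's own tooling. The function names are hypothetical, the sample values are constructed placeholders, and it assumes `nvram -p` prints one name, a tab, then the value per line.

```shell
#!/bin/sh
# Added example: report whether the two Find My Mac NVRAM variables
# named in this article are still present.

# Variable names taken from the article.
FMM_VARS="fmm-computer-name fmm-mobileme-token-FMM"

# fmm_leftovers: read `nvram -p` style output on stdin (assumed format:
# name<TAB>value per line) and print each FMM variable that is still set.
# Names are matched exactly, so unrelated "fmm-..." keys are ignored.
fmm_leftovers() {
    awk -F '\t' -v want="$FMM_VARS" '
        BEGIN { n = split(want, names, " "); for (i = 1; i <= n; i++) w[names[i]] = 1 }
        ($1 in w) { print $1 }
    '
}

# fmm_is_clean: return 0 only when no FMM variable remains in the input.
fmm_is_clean() {
    left=$(fmm_leftovers)
    if [ -n "$left" ]; then
        printf 'FMM data still in NVRAM: %s\n' "$(echo "$left" | tr '\n' ' ')" >&2
        return 1
    fi
    return 0
}

# Constructed sample of `nvram -p` output; the values are placeholders.
sample_nvram() {
    printf 'SystemAudioVolume\t%%40\n'
    printf 'fmm-computer-name\tEXAMPLE-MACBOOK\n'
    printf 'fmm-mobileme-token-FMM\tPLACEHOLDER-TOKEN\n'
}

# On a Mac, check the live NVRAM; elsewhere, run against the sample.
if command -v nvram >/dev/null 2>&1; then
    nvram -p | fmm_is_clean && echo "No FMM data in NVRAM"
else
    sample_nvram | fmm_leftovers
fi
```

A non-zero result from `fmm_is_clean` means the delete commands above still need to be run on that machine.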
At Addigy, we provide a cloud platform for IT admins to manage your fleet of Apple Mac computers. Contact us to find out how to ensure the security of your computers.
Keep I.T. Real,
The Addigy Team.