Posted by David Harley on May 28, 2014.
[NB, I’m not currently in a position to test any of these suggestions myself, but they seem sound in principle. If you are aware of any instances where they might actually make things worse, I’m all ears.]
It’s not clear exactly what has happened in the mysterious case of the Antipodean iOS ransomware– in particular, why the only people affected so far are in Australia and New Zealand. There’s a good blog/FAQ by Graham Cluley for Intego here, if this is a matter of concern to you.
Irrespective of what part of the world you live in, the most important (hopefully) preventative measure is to enable Apple’s 2-factor authentication for Apple ID credentials – as far as I can ascertain, no-one in Australia or New Zealand who’s done this has had the problem. See Apple’s knowledgebase article for details of how to effect it. Essentially, this allows you to authenticate using a password, a 4-digit PIN (verification code) texted to a trusted device at each login, and also generates a 14-digit recovery for emergency. This might also be a good time to change your AppleID password and ensure that you’re not re-using a password that might have been compromised from another service.
Apple Australia has also suggested contacting AppleCare or visiting an Apple Store if necessary, and claims that an iCloud breach is not responsible.
For people who have been affected, you can try to erase and the device and its passcode using recovery mode. This is how http://support.apple.com/kb/ht1212 describes the procedure for people who haven’t synched with iTunes, don’t have Find My iPhone set up, or can’t restore from iTunes or iCloud backup via their own computer :
I don’t know of an instance where someone has actually paid the ransom demand, but there’s no reason to assume that the criminal would actually restore the victim’s access to the affected device(s), so you might find that even if you pay, you still have to do what amounts to a factory reset.
Other links that refer:
Small Blue-Green World