iCloud account hijacking can be used to simulate ransomware attack
Having your iCloud account hijacked may be as bad, if not worse, than a ransomware attack because hackers can use Apple's Find My Mac security feature to remotely lock out a device's owner and demand payment to unlock it.
A Malwarebytes blog post yesterday cited the recent case of a Mac user who mistakenly believed ransomware locked her out of her computer. But in fact, a hacker had accessed her iCloud credentials, and then used Find My Mac to lock the computer and send a ransom demand message. The victim also received an email from her own iCloud address warning that her personal and bank information would be published if she did not pay within 24 hours.
“It's also important to realise that an attacker with this kind of access could remotely erase all devices connected to that iCloud account,” the blog post warns. “Worse, if you have Back to my Mac turned on, the attacker could gain access to all the data on your Mac.”