Hackers claiming to have hundreds of millions of iCloud credentials have threatened to wipe date from iPhones, iPads and Macs if Apple does not fork over $150,000 within two weeks.
"This group is known for getting accounts and credentials, they have gotten credentials in the past," said Lamar Bailey, director of security research and development at Tripwire, of the purported hackers. "But whether they have that many ... who knows?"
There's another reason for not panicking, Bailey said: People can quickly make their accounts more secure, assuming the criminals have only collected, not actually compromised the iCloud accounts by changing millions of passwords.
"The best thing to in this instance is to change the [iCloud account] password, especially if it's a weak password," said Bailey in an interview. Weak, in Bailey's mind, was not necessarily simply short, but "one that was in the dictionary."
Hackers can brute-force passwords that consist of a single real-world word -- one in the dictionary -- by relying on, not surprisingly, lists of words from the dictionary. Bailey reiterated the long-standing advice to compose passwords from numbers, letters and special characters, such as & and ^.
Another tip is to employ two-factor authentication.
It's also important not to confuse the different types of hostage-taking software, so you know what you're dealing with.
Scareware is a label applied to phony security software that claims a computer is heavily infected with malware. Such software nags users with pervasive pop-ups and fake alerts until they fork over the "registration" fee, sometimes in the hundreds of dollars.
Ransomware has largely replaced scareware as the go-to shakedown; the former compromises a computer, encrypts some or all the contents of the local storage, then promises to hand over an encryption key in return for a large payment.
For more information about ransomware, download our free PDF.
To continue reading this article register now