Download Article
Download Article
This wikiHow teaches you how to find clues that your iPhone or iPad is infected with ransomware. There’s only one thing to look out for—a demand for payment in exchange for your data or safety.
Steps
-
Look for your apps. If almost all of your apps are missing from your home screen, then you probably have ransomware on your iOS device. Note, however, if your device is connected to an organization, they can manage your device remotely and hide all the apps except those related to your work at the company.
-
Check your settings for a management profile. Go to Settings > General > Profiles and Device Management and look for any unknown management profiles. Most iOS devices cannot get ransomware. Ransomware is usually installed as an unremovable management profile from the Internet, sideloaded from an infected computer, or downloaded as the result of jailbreaking your iOS device.Advertisement
-
Watch out for push notifications from unknown apps. If your phone or tablet is infected, you’ll see a notification from an app that demands payment to give you back your data or security. These pop-ups may appear out of the blue, or they may occur when doing a specific action (like pressing the Home button).
Most ransom messages on iPhone and iPad are scams and require no action. If you get a message in your browser informing you that your iPhone has been disabled, do not pay the ransom—instead, clear all browser data to remove the message. Similarly, if you get an SMS or iMessage informing you that your data has been encrypted, delete the message and report it as junk to Apple or 7726.
-
Search for the message online. Ransomware hold your data for ransom until you pay up. If you don’t pay up, data in your phone or tablet will become encrypted, making it inaccessible. Try searching for the message you see in a search engine like Google to find out if other people have had success freeing their data.
-
Do not pay to get your data back. Even if you pay, there’s no guarantee the ransomware will be removed. In fact, it may just reactivate. Instead, find a way to remove the ransomware from your iPhone or iPad, and be prudent in trying to prevent it in the future.
Advertisement
-
Only install apps from the App Store. This is especially important if you’ve jailbroken your iPhone or iPad. Apps from the App Store are reviewed and vetted, so they should be safe for the most part.
- Occasionally some rogue app may appear on the App Store. Apple usually catches these pretty quickly. Just be sure to read app reviews and stick to apps you’ve heard of.
-
Back up your iPhone or iPad often. This way, if your phone or tablet does get infected, you can restore your data right away. See Back Up Your iPhone to get started.
-
Always use the latest version of iOS. Apple updates usually include fixes to security issues that could make your iPhone or iPad vulnerable to malware (including ransomware). See Update iOS to learn how to get the latest version of the system.
-
Never share personal information over email or text message. If you receive a request for this type of information, delete it immediately. Replying with info could open you up to phishing attacks.
Advertisement
-
Attempt to remove management profiles. Go to Settings > General > Profiles and Device Management, then tap on the management profile to remove. Tap on "Remove Profile" at the bottom of the screen, then enter your passcode.
- Some profiles cannot be removed, in which case, you will have to reinstall iOS.
-
Back up your device. Unless if you are jailbroken or on an outdated version of iOS, the most ransomware can do is hide your apps or control settings on your device, not encrypt your data. You will be able to restore your device from backup after all is done.
-
Connect your iPhone to your computer. Make sure that it is powered down.
-
Enter DFU mode. To do so, follow these instructions:
- iPhone 6 and earlier/iPad before 2018: Hold the power button for five seconds. Hold the home and power buttons for ten seconds. Release the power button, continue holding the home button until the device is recognized by iTunes.
- iPhone 7: Hold the power button for five seconds. Hold the volume down and power buttons for ten seconds. Release the power button, continue holding the volume down button until the device is recognized by iTunes.
- iPhone 8/iPad 2018 and later: Press the volume up button, then the volume down button, then the power button for five seconds. Hold the volume down and power buttons for ten seconds. Release the power button, continue holding the volume down button until the device is recognized by iTunes.
-
Choose "Restore [Device]..." This will reinstall iOS on your phone.
-
Restore from an iCloud or iTunes backup when you are done. Your data should be intact. Note, however, you will have to reinstall any apps that are not available on the App Store from their respective sources.
Advertisement
Expert Q&A
Ask a Question
200 characters left
Include your email address to get a message when this question is answered.
Submit
Advertisement
Tips
Submit a Tip
All tip submissions are carefully reviewed before being published
Name
Please provide your name and last initial
Thanks for submitting a tip for review!
Warnings
- Never pay the ransom. There is no guarantee that doing so will actually remove the ransomware, and it is illegal in some countries. Also, it encourages hackers to continue making more ransomware. [1] X Trustworthy Source Internet Crime Complaint Center Online reporting system for individuals to inform the FBI about Internet-related criminal activity Go to sourceThanks
- Always have a secure Apple ID password. Many hackers will attempt to lock your device with Find My Device to get you to pay up. If you do not have a secure Apple ID password, hackers can set a passcode on your iPhone, lock your Mac, or erase your device entirely, even if you have two-factor authentication enabled. If any of this happens, you will not be able to get your data back.Thanks
Advertisement
References
About This Article
Thanks to all authors for creating a page that has been read 38,518 times.
Advertisement