PDF download Download Article PDF download Download Article

This wikiHow teaches you how to find clues that your iPhone or iPad is infected with ransomware. There’s only one thing to look out for—a demand for payment in exchange for your data or safety.

Part 1
Part 1 of 3:

Knowing If You Are Infected

PDF download Download Article
  1. If almost all of your apps are missing from your home screen, then you probably have ransomware on your iOS device. Note, however, if your device is connected to an organization, they can manage your device remotely and hide all the apps except those related to your work at the company.
  2. Go to Settings > General > Profiles and Device Management and look for any unknown management profiles. Most iOS devices cannot get ransomware. Ransomware is usually installed as an unremovable management profile from the Internet, sideloaded from an infected computer, or downloaded as the result of jailbreaking your iOS device.
    Advertisement
  3. If your phone or tablet is infected, you’ll see a notification from an app that demands payment to give you back your data or security. These pop-ups may appear out of the blue, or they may occur when doing a specific action (like pressing the Home button).

    Most ransom messages on iPhone and iPad are scams and require no action. If you get a message in your browser informing you that your iPhone has been disabled, do not pay the ransom—instead, clear all browser data to remove the message. Similarly, if you get an SMS or iMessage informing you that your data has been encrypted, delete the message and report it as junk to Apple or 7726.

  4. Ransomware hold your data for ransom until you pay up. If you don’t pay up, data in your phone or tablet will become encrypted, making it inaccessible. Try searching for the message you see in a search engine like Google to find out if other people have had success freeing their data.
  5. Even if you pay, there’s no guarantee the ransomware will be removed. In fact, it may just reactivate. Instead, find a way to remove the ransomware from your iPhone or iPad, and be prudent in trying to prevent it in the future.
  6. Advertisement
Part 2
Part 2 of 3:

Avoiding Ransomware

PDF download Download Article
  1. This is especially important if you’ve jailbroken your iPhone or iPad. Apps from the App Store are reviewed and vetted, so they should be safe for the most part.
    • Occasionally some rogue app may appear on the App Store. Apple usually catches these pretty quickly. Just be sure to read app reviews and stick to apps you’ve heard of.
  2. This way, if your phone or tablet does get infected, you can restore your data right away. See Back Up Your iPhone to get started.
  3. Apple updates usually include fixes to security issues that could make your iPhone or iPad vulnerable to malware (including ransomware). See Update iOS to learn how to get the latest version of the system.
  4. If you receive a request for this type of information, delete it immediately. Replying with info could open you up to phishing attacks.
  5. Advertisement
Part 3
Part 3 of 3:

Removing Ransomware

PDF download Download Article
  1. Go to Settings > General > Profiles and Device Management, then tap on the management profile to remove. Tap on "Remove Profile" at the bottom of the screen, then enter your passcode.
    • Some profiles cannot be removed, in which case, you will have to reinstall iOS.
  2. Unless if you are jailbroken or on an outdated version of iOS, the most ransomware can do is hide your apps or control settings on your device, not encrypt your data. You will be able to restore your device from backup after all is done.
  3. You may have to hard reset it .
  4. Make sure that it is powered down.
  5. To do so, follow these instructions:
    • iPhone 6 and earlier/iPad before 2018: Hold the power button for five seconds. Hold the home and power buttons for ten seconds. Release the power button, continue holding the home button until the device is recognized by iTunes.
    • iPhone 7: Hold the power button for five seconds. Hold the volume down and power buttons for ten seconds. Release the power button, continue holding the volume down button until the device is recognized by iTunes.
    • iPhone 8/iPad 2018 and later: Press the volume up button, then the volume down button, then the power button for five seconds. Hold the volume down and power buttons for ten seconds. Release the power button, continue holding the volume down button until the device is recognized by iTunes.
  6. This will reinstall iOS on your phone.
  7. Your data should be intact. Note, however, you will have to reinstall any apps that are not available on the App Store from their respective sources.
  8. Advertisement

Expert Q&A

Ask a Question
      Advertisement

      Tips

      Submit a Tip
      All tip submissions are carefully reviewed before being published
      Name
      Please provide your name and last initial
      Thanks for submitting a tip for review!

      Warnings

      • Never pay the ransom. There is no guarantee that doing so will actually remove the ransomware, and it is illegal in some countries. Also, it encourages hackers to continue making more ransomware. [1]
      • Always have a secure Apple ID password. Many hackers will attempt to lock your device with Find My Device to get you to pay up. If you do not have a secure Apple ID password, hackers can set a passcode on your iPhone, lock your Mac, or erase your device entirely, even if you have two-factor authentication enabled. If any of this happens, you will not be able to get your data back.
      Advertisement

      About This Article

      Thanks to all authors for creating a page that has been read 38,744 times.

      Is this article up to date?

      Advertisement