Menu
Apple users hit by $100 ransom demand after mystery iCloud account breach

Apple users hit by $100 ransom demand after mystery iCloud account breach

Oleg is taking the pliss

Apple iPhone, iPad and Mac users in Australia and New Zealand are being pestered by mysterious ransom messages demanding up to $100 in order to 'unlock' their devices. A hack of some iCloud user accounts is suspected.

If the baffled and worried messages on Apple's local support forum are any guide, this is not a ransom attack in the mould of the Windows Cryptolocker Trojan that actually encrypts files or makes the device difficult to use, and looks like a social engineering attack manipulating the 'Find your phone' device lock feature in Apple's iCloud.

"I was using my iPad a short while ago when suddenly it locked itself,...I went to check my phone and there was a message on the screen (it's still there) saying that my device(s) had been hacked by 'Oleg Pliss' and he/she/they demanded $100 USD/EUR (sent by paypal to lock404(at)hotmail.com) to return them to me," wrote the first user to complain of the attack.

Several dozen other users later reported identical demands as well as being locked out of their devices. Needless to say, there is no evidence that the 'Oleg Pliss' mentioned in the demand is related to any known person of that name.

On an Android device or a PC, suspicion would fall pretty quickly on a rogue app downloaded from the Play store but the evidence strongly suggests that a compromise of some Apple iCloud accounts has occurred.

All the victims appear to be in Australia and New Zealand while others report that more than one Apple device - including possibly Apple Mac laptops - are simultaneously affected by the attack. Other users mention receiving 'Find your phone' emails from their iCloud service.

Almost certainly, hackers have broekn into some iCloud accounts, setting the remote lock feature used in normal times when a smartphone or iPad is lost or stolen. Users can reset this as long as they can access their iCloud accounts.

Users on Australia and New Zealand should therefore change their account passwords immediately, For anyone who finds themselves locked out of their account, a call to Apple will be the only option.

Beyond nuisance value and the possibility that a few nave souls will pay the ransom demanded to the hacker's PayPal account what is at risk here? In principle, a hacker with access to the iCloud has access to all files saved there including images and notes. That means some could be at risk of losing personal data or having it wiped as part of the reset process.

Attention will turn at some point to how the compromise happened. Theories abound on this but the most probably explanation is either that the hackers have got access to email addresses or user account names and then guessed weak passwords or accessed a database of a reseller or Apple partner.

"While it's not clear how the attacker gained account credentials for the accounts, given the localized nature of the attacks it's likely that this is a case of password reuse as opposed to Apple servers being compromised," agreed Michael Sutton, vp of research at security firm, Zscaler.

"It is likely that a third party database was compromised and authentication credentials stolen that are the same credentials used by the owners of the affected iOS devices. Fortunately, this is a situation where Apple can intervene to reset the device and affected users should not pay the ransom being sought," he said.

Sister title Computerworld has published more detailed advice on coping with the attack.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Personal TechApplesecurity

Featured

Slideshows

Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Show Comments