Apple users hit by $100 ransom demand after mystery iCloud account breach

Apple users hit by $100 ransom demand after mystery iCloud account breach

Oleg is taking the pliss

Apple iPhone, iPad and Mac users in Australia and New Zealand are being pestered by mysterious ransom messages demanding up to $100 in order to 'unlock' their devices. A hack of some iCloud user accounts is suspected.

If the baffled and worried messages on Apple's local support forum are any guide, this is not a ransom attack in the mould of the Windows Cryptolocker Trojan that actually encrypts files or makes the device difficult to use, and looks like a social engineering attack manipulating the 'Find your phone' device lock feature in Apple's iCloud.

"I was using my iPad a short while ago when suddenly it locked itself,...I went to check my phone and there was a message on the screen (it's still there) saying that my device(s) had been hacked by 'Oleg Pliss' and he/she/they demanded $100 USD/EUR (sent by paypal to lock404(at) to return them to me," wrote the first user to complain of the attack.

Several dozen other users later reported identical demands as well as being locked out of their devices. Needless to say, there is no evidence that the 'Oleg Pliss' mentioned in the demand is related to any known person of that name.

On an Android device or a PC, suspicion would fall pretty quickly on a rogue app downloaded from the Play store but the evidence strongly suggests that a compromise of some Apple iCloud accounts has occurred.

All the victims appear to be in Australia and New Zealand while others report that more than one Apple device - including possibly Apple Mac laptops - are simultaneously affected by the attack. Other users mention receiving 'Find your phone' emails from their iCloud service.

Almost certainly, hackers have broekn into some iCloud accounts, setting the remote lock feature used in normal times when a smartphone or iPad is lost or stolen. Users can reset this as long as they can access their iCloud accounts.

Users on Australia and New Zealand should therefore change their account passwords immediately, For anyone who finds themselves locked out of their account, a call to Apple will be the only option.

Beyond nuisance value and the possibility that a few nave souls will pay the ransom demanded to the hacker's PayPal account what is at risk here? In principle, a hacker with access to the iCloud has access to all files saved there including images and notes. That means some could be at risk of losing personal data or having it wiped as part of the reset process.

Attention will turn at some point to how the compromise happened. Theories abound on this but the most probably explanation is either that the hackers have got access to email addresses or user account names and then guessed weak passwords or accessed a database of a reseller or Apple partner.

"While it's not clear how the attacker gained account credentials for the accounts, given the localized nature of the attacks it's likely that this is a case of password reuse as opposed to Apple servers being compromised," agreed Michael Sutton, vp of research at security firm, Zscaler.

"It is likely that a third party database was compromised and authentication credentials stolen that are the same credentials used by the owners of the affected iOS devices. Fortunately, this is a situation where Apple can intervene to reset the device and affected users should not pay the ransom being sought," he said.

Sister title Computerworld has published more detailed advice on coping with the attack.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags ApplePersonal Tech



The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments