The hackers behind last month’s iPhone ransomware campaign – in which many users were asked to pay $100 to unlock their devices – may be behind bars now.
A press release on the Russian Interior Ministry’s website yesterday claims two men were recently arrested for the “blocking of Apple devices to extort funds,” a scheme that fits the description of what happened last month.
In late May a scourge of ransomware that purported to come from Oleg Pliss hit hundreds of Australians’ iPhones and iPads. The attackers locked users out of their devices unless they agreed to pay $100.
The announcement claims that two unnamed residents of the Southern Administrative District of Moscow, one born in 1991 and one born in 1998, were recently detained. One of the purported hackers has been tried in the past, according to the Ministry. The release claims the Ministry began to receive reports earlier this spring of “remote blocking of mobile and stationary [Apple] devices” and “mailing list messages demanding money” or else the data would be wiped from the devices.
According to the Ministry the criminals used two “well-established schemes.”
One of them involved hacking users’ email accounts and using elaborate phishing pages to glean victims’ Apple ID credentials. The second scheme – which may or may not be related to the Oleg Pliss scam – allegedly bound devices to prearranged accounts and used “various internet resources to create ads.” Those ads promised access to Apple ID accounts that contained “a large amount of media content.” As soon as someone accepted the offer and linked their device to the account, attackers hijacked the devices.
The Ministry claims it searched the defendants’ apartments and seized computer equipment, SIM cards and phones that were used in “illegal activities,” along with literature on hacking computer systems.
The two gave a confession and are expected to be charged with unauthorized access to computer information under Article 272 of the Criminal Code, according to authorities.
Just two weeks ago iPhone and iPad users in Australia and New Zealand awoke to a loud Find My iPhone notification ping. When they looked at their screens they saw a message that claimed their devices had been “Hacked by Oleg Pliss.” The message also demanded users send a voucher of $100, via an online money transfer site, to unlock their devices.
It’s still not entirely clear who or what Oleg Pliss is – Russian authorities wouldn’t outright make that connection – but it sounds entirely possible the men jailed could be behind the campaign, or perhaps a band of copycat hackers.
It was initially thought that iCloud, Apple’s cloud storage service, had been compromised, as the attackers were able to send out notifications via the Find My iPhone feature, but in the days following the attacks Apple insisted that was not the case.
The Cupertino-based company did, however, urge affected users to change their Apple ID passwords as soon as possible and cautioned that password reuse – users using their iCloud password for another service – could be to blame.