A handful of iPhone, iPad and Mac users, largely confined to Australia, awoke Tuesday to discover their devices had been taken hostage by ransomware.
Instead of their normal home screens, users were greeted with a message promising that their devices would be unlocked if a ransom, somewhere between $50 and $100, was paid.
News around the spate of attacks began to spread early Sunday morning in a post on Apple’s Support message boards where some users claimed they were awoken in the middle of the night by their device’s loud Find My iPhone ping alert.
A corresponding message on affected screens apparently said: “Hacked by Oleg Pliss.”
While it sounds like subsequent messages vary, the first user that complained about the hack claimed another message demanded $100 USD/EUR be sent by Paypal to a specific email account to unlock the device. Other messages asked users to send money via online payment services like Moneypack and Ukash.
For what it’s worth it’s not immediately clear if Oleg Pliss is a real person, let alone the name of the malicious actor behind the campaign. While details around the source remains to be seen – it’s more than likely just a moniker.
It’s also unclear exactly how hackers are compromising the devices but it’s being widely surmised that attackers may be using hacked iCloud accounts to spread the ransomware.
Ransomware refers to the strain of malware that restricts a users’ access unless a ransom – usually money via PayPal/Moneypack/Ukash/PaySafeCard, etc. – is paid to the malware’s author. One type of ransomware, CryptoLocker, famously infected upwards to 250,000 machines – demanding $300 ransoms – last year. The gang responsible for the ransomware went on to tweak it for Android early last month.
According to the Sydney Morning Herald, iPhone users in Queensland, NSW, Western Australia, South Australia and Victoria have been targeted by the scheme while several other reports claim users in New Zealand have also been hit. U.S. users appear to be unscathed from this particular wave of attacks.
In the wake of hacks at Adobe and more recently, eBay, having a unique password for different programs has become paramount. If part of iCloud’s user base was hacked, or if some of its users used the same password for other services and were breached that way, it could echo that sentiment further.
Apple hasn’t publicly commented on the issue yet – emails to the company went unreturned on Tuesday – but it probably wouldn’t be a bad idea for iPhone or iPad users in Australia or New Zealand to change their iCloud passwords, even if they haven’t been hit with the ransomware yet.
Apple has advocated in the past that users take advantage of its two-factor authentication service in order to keep users’ account details as secure as possible. Implemented last year the functionality adds a optional layer of protection to Apple IDs on top of the device’s usual passcode.