In the last couple of days Australian and New Zealand iPhone, iPad and iMac users have been locked out of their devices after a mysterious message appears demanding a ransom to be paid.
Users are no longer able to access their iPhone, iPad or iMac as it is locked by the same “find my iPhone” technology that you can use if you have your device stolen.
No one is quite sure how the attackers mange to lock the devices or why it appears to have only targeted Australian and New Zealand users. The theories vary from hacking Apple users’ accounts to trigger the “lost iDevice” process, stolen database of usernames and passwords, simple and easy to crack passwords, Malware, and phishing campaigns, to a popular service being hacked. But none of the theories explain why only Australian and New Zealand users seem to be affected.
While it sounds like the attackers are attempting to get users locked out of their devices, to electronically transfer money to their email address; in return for their device to be unlocked, no one is sure who is behind the attack, although the message demanding a ransom appears to be from Oleg Pliss and contains an email address, it is very likely this is not the real name of the criminal. A posting on Apple Support shows the message to be:
“Hacked by Oleg Pliss. For unlock device YOU NEED send voucher code by 100 $/eur one of this (Moneypack/Ukash/PaySafeCard) to [email address] “.
Apple Support suggest using a two-factor authentication to protect their Apple ID accounts from being compromised. This two-step verification makes it harder for hackers to gain control of your accounts and devices, as it means they require more than just your user name and password. Users can also set up a 14-digit recovery key that you can print out and keep in a safe place; you can use the key to regain access to your account if you ever lose access or forget your password.
For those affected by the hack, Apple suggest most importantly not paying any money, as it is not guaranteed they will unlock your device and will only encourage further attacks.
Instead, users should erase their device using Recovery Mode and restore from a backup:
Disconnect all cables from your device.Turn off your device.Press and hold the Home button. While holding the Home button, connect your device to iTunes. If your device doesn’t turn on automatically, turn it on.Continue holding the Home button until you see the Connect to iTunes screen.iTunes will alert you that it has detected a device in recovery mode. Click OK, then restore the device.