Extortion scheme based on ransom request hit Australian Apple Users

Pierluigi Paganini May 28, 2014

Cybercriminals in Australia have targeted a large number of Apple iCloud users with an extortion scheme built around a ransom demand.

2013 is considered the year of ransomware: the number of infections related to this kind of threat reached levels never seen before.
CryptoLocker is without doubt the best-known malware of this type, but many other agents have infected Windows users worldwide, such as LinkUP, the ransomware that blocks the victim's Internet access by modifying the DNS settings.
As security experts expected, the ransomware threat is migrating to mobile platforms. Last week a malware campaign targeting Android users was discovered; this week the news is circulating that cybercriminals have targeted a large number of Australian users of Apple's iCloud with a sophisticated extortion scheme.
Apple users were hit by a ransomware-like attack that locked iPhones, Macs and iPads through iCloud, displaying a message sent via Apple's Find My device service that stated "Device hacked by Oleg Pliss".
[Image: Apple-Mac-iPhone ransom scheme]
Following a well-established extortion pattern, the criminals demand a ransom of up to US$100, to be sent to a specific PayPal account, in exchange for unlocking the device.
"I went to check my phone and there was a message on the screen (it's still there) saying that my device(s) had been hacked by 'Oleg Pliss' and he/she/they demanded $100 USD/EUR (sent by paypal to lock404(at)hotmail.com) to return them to me," wrote a victim of the new ransomware on the Apple Support Forum.
In reality, Apple users are not facing a classic infection of their devices: the attackers allegedly hijacked Apple's Find My iPhone feature, which lets the criminals remotely lock iOS and Mac devices and display messages demanding ransom money.
The cybercriminals are using compromised iCloud accounts that were likely not protected by two-step verification; for such accounts, attackers can gain access to the linked devices simply by using stolen credentials.
In this attack scenario the only way for owners to regain control of a locked device is to reset it in recovery mode, but this process erases all data stored on the device and all installed applications.
Lessons learned
  • Turn on two-step verification for your Apple ID (see Apple's support page).
  • Never pay the ransom. In this specific case a PayPal spokesman confirmed that "There's no PayPal account linked to hacker email addr and any customer who has sent money will be refunded."


Pierluigi Paganini

(Security Affairs –  Ransom, cybercrime)
