A number of users in Australia woke up yesterday to find their iDevices hacked and held for ransom by a certain “Oleg Pliss” who instructed them to send $100 / €100 to a PayPal account to have the device unlocked. A real Oleg Pliss is a software engineer working at Oracle and he is most certainly not involved with the hack.
The ransomware has been confirmed by users of Apple Support Communities, where one customer (identified as veritylikestea on Apple’s forums) relays his experience as follows:
“I was using my iPad a short while ago when suddenly it locked itself, and was askiwhich I'd never previously set up. I went to check my phone and there was a message on the screen (it's still there) saying that my device(s) had been hacked by ‘Oleg Pliss’ and he/she/they demanded $100 USD/EUR [...] to return them to me.”
“I have the exact same problem, with the same message from ‘Oleg Pliss,’” writes another user identified as Rojmer. “I assume I can erase my phone, but is there anything else that can be done? I have changed my iCloud password.”
Well, using two-factor authentication can help, and setting a passcode lock on your device would also prevent the hacker from holding it hostage.
iPad, iPhone and Mac owners in Queensland, NSW, Western Australia, South Australia and Victoria have reported having their devices held hostage. Apple allows customers to enable two-factor authentication at http://support.apple.com/kb/ht5570.
The Sydney Morning Herald cites IT security expert Troy Hunt as saying that the hackers are using compromised login credentials from recent data breaches to hold the devices hostage. The gist of it is this: using the same password across multiple online services can put every account that shares that password at risk.
“It’s quite possible this is occurring by exploiting password reuse,” Mr. Hunt said. “Regardless of how difficult someone believes a password is to guess, if it's been compromised in another service and exposed in an unencrypted fashion, then it puts every other service where it has been reused at risk. Of course it also suggests that two-factor authentication was likely not used as the password alone wouldn't have granted the attacker access to the iCloud account.”
According to the report, customers in Queensland, NSW, Western Australia, South Australia and Victoria have all reported the hack, with some even getting logged out of their Macs. Apple can do little to alleviate the issue, but customers are told to consider changing their Apple ID passwords once they regain control of their iDevice.
Affected users must contact Apple directly to regain access to their account, according to the Australian newspaper.