Many iDevices across Australia locked up by hackers, ransom required for unlocking
It appears that a plethora of users in Down Under have fallen victims to a pretty vast ransomware attack, which affects Apple iPhones, iPads, and Macs alike. A wide array of these got remotely locked up by ill-doers, who exploited the Find My iPhone feature and rendered the affected devices literally unusable. On top of it all, the crackers behind the attack sent multiple ransom notes that demanded the affected users to pay between 50 and 100 Australian dollars to a certain PayPal account in order to regain control of their beloved gadgets. Most of the ransom notes state that Oleg Pliss was the cracker behind the malicious attack.
It is also important to say that the affected devices got locked up by no malicious app or program. The culprits for the unfortunate event are nothing else but compromised Apple IDs, the passwords for which could have been easily stolen "from recent data breaches". If we also take into consideration that most people tend to use one and the same password for years, it comes to no surprise that the wrongdoers succeeded in locking up a big number of Apple devices.
Fortunately, Apple IDs with a two-step authentication have not been affected by the scam. In addition, those unlucky owners of Apple devices with passcodes easily succeeded in reclaiming control of their gadgets.
Still, it seems that some of the affected users fell into the trap and sent money to the email that Oleg Pliss listed in the ransom notes. Interestingly, a PayPal representative revealed that there was no PayPal account linked to the email in question. It was also said that any money that had been forwarded to the email will be refunded in a timely fashion.
Meanwhile, local Australian carriers advised the affected users to contact Apple so that they can regain access of their accounts as soon as possible. However, Cupertino has not issued an official statement on the matter yet.
source: Brisbane Times via The Verge
"It’s quite possible this is occurring by exploiting password reuse. Regardless of how difficult someone believes a password is to guess, if it's been compromised in another service and exposed in an unencrypted fashion, then it puts every other service where it has been reused at risk," claimed Troy Hunt, an IT security expert.
Fortunately, Apple IDs with a two-step authentication have not been affected by the scam. In addition, those unlucky owners of Apple devices with passcodes easily succeeded in reclaiming control of their gadgets.
source: Brisbane Times via The Verge
Things that are NOT allowed: