iPhone, iPad and Mac users in Australia and New Zealand (and possibly elsewhere in the world) have been seeing a very strange message appear, demanding that they pay a ransom to regain access to their devices.
Here are answers to some of the questions.
What has happened?
For the last day or so, Antipodean Apple fans have been posting on the company’s support forum, asking how they can restore access to their iPhones, iPads and iMacs after a mysterious message appeared demanding a ransom be paid.
What did the message look like?
Part of the message was included in this photograph taken by the Sydney Morning Herald in its report.
“Hacked by Oleg Pliss. For unlock device YOU NEED send voucher code by 100 $/eur one of this(Moneypack/Ukash/PaySafeCard)to [email address]”
How would you know if you were a victim?
You would no longer be able to access your iPhone, iPad or iMac, as it would be locked by the same “Find My iPhone” technology that you can use if you mislay your device or have it stolen.
Some victims reported that the message suddenly appeared on their devices in the middle of the night.
Woken up at 2am by hacked 'Find My iPhone' asking for money, no sleeping after trying to sort that out so at work at 6am: Today will be fun.
— Casey Maree (@_caseymaree_) May 26, 2014
How did the attackers manage to lock other people’s devices?
There are a few possibilities.
Could Apple ID accounts have been better protected?
Although the precise details of what occurred are not yet clear, what is certain is that Apple users who use two-factor authentication to protect their Apple ID accounts will be better protected from being compromised.
Two-factor authentication (sometimes called two-step verification) makes life much harder for hackers attempting to hijack control of your accounts and devices, as it means they require more than just your username and password. They also need a one-time password (OTP) that is sent to your device itself.
In addition, you can set up a 14-digit recovery key that you can print out and keep in a safe place. Apple suggests you keep the recovery key so that you can regain access to your account if you ever lose access to your devices or forget your password.
Who is Oleg Pliss?
We have no idea. But, of course, it’s extremely likely that it’s not the real name of the criminal behind this attack. (Unless they’re very dumb.)
A quick search on LinkedIn reveals a computer scientist named Oleg Pliss. There is no reason to believe that he is behind the attack, however. More likely this is mischief-making by the criminals.
How do the bad guys make money?
From the sound of things, they are asking victims to electronically transfer money to their email address.
A posting on the Apple Support forum says that the criminals gave a Hotmail address to which they asked that funds be sent via PayPal, but of course that account could belong to an innocent individual.
Similarly, Oleg Pliss might be the name of someone being framed by the criminals behind the attack. If that’s the case, it’s a little pathetic. My guess is that they’ve used the name as a joke.
Well, I’m not laughing. How do I restore access to my device?
The most important thing is not to pay any money to the criminals. That will only encourage them to launch further attacks, and there is no guarantee that they will unlock your device.
Instead, erase your device using Recovery Mode and restore from a backup:
You may also find this Apple support knowledgebase article useful.
Afterwards, enable two-step verification for your Apple ID (if available in your country), and ensure that you are never re-using passwords on the internet.
What else?
Follow the discussion on the Apple Support community forum for updates from other affected users.