Step one: Leaked credentials.
Step two: “Find My iPhone” – lost mode.
Step three: Lock user out and leave a ransom message.
Approximately 40 million iCloud accounts are rumoured to have been hacked, but according to CSO Online that number is likely overblown. Since February of this year, however, Apple users have been reporting that their locked devices display ransom demands in Russian. This style of attack first appeared in 2014, when a Russian using the name “Oleg Pliss” held an unknown number of Australian Apple devices for ransom, demanding a payment of $100. Russian authorities arrested two men later that year, and the scam was assumed to be finished. Now these scams have returned and are targeting American and European users.
According to the CSO Salted Hash blog, “It starts with a compromised Apple ID. From there, the attacker uses Find My iPhone and places the victim’s device into lost mode. At this point, they can lock the device, post a message to the lock screen and trigger a sound to play, drawing attention to it. In each of the cases reported publicly, the ransom demanded is usually $30 to $50. If a victim contacts the referenced email address, in addition to payment instructions, they’re told they have 12 hours to comply or their data will be deleted.”
(In some cases, attackers threatened to release the data to the public and to the users’ contacts.)
The source of the leaked credentials is unknown at this point, but the rumor mill is suggesting they may have come from a recently compromised Mac-Forums.com database. This hack included 291,214 accounts that are being sold for approximately $775 USD on the dark web.
As a precaution, we recommend that you immediately change your iCloud password and enable two-step verification. Both can be done from your iCloud Settings screen.
Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.