Apple device and Mac users should be aware that they may be targeted by hackers who lock them out of their devices before demanding payment of a ransom.
In recent hours, a number of Australian Apple users have reported the ransom attack targeting their devices.
The information available is limited and may be updated as more information emerges.
With the possibility that this attack is linked to the ‘Apple ID’, affected users are advised to reset their Apple ID password as soon as possible.
Users not affected may also consider changing their Apple ID password as a precaution.
Your Apple ID is your username for everything you do with Apple. It is used for identifying you as a user for most Apple products including iTunes, all your Apple devices, iCloud, the Apple Store and others.
At present, many users are reporting that their phones or systems lock unexpectedly, and that they receive an email from ‘Find My iPhone’ and a message on their screen stating that their device has been ‘Hacked by Oleg Pliss’. The message says that to unlock their device they should pay a ransom via PayPal, emailing the payment code to lock404[a]hotmail.com.
Currently there is only speculation about how the attacks have been carried out. Apple has not yet responded officially.
Reports by affected users suggest that this attack is possibly the result of hackers compromising the device owner’s Apple ID and using this to access their iCloud account. From their iCloud account a hacker can activate the device’s ‘Lost Mode’, and possibly reset the phone’s access code.
It is not confirmed if or how these Apple IDs and passwords were accessed, but one suggestion is that hackers may simply be reusing information they discovered during a breach of other online services. Unfortunately, many people still commonly reuse the same password for many of their online accounts.
A hacker with access to your Apple ID can potentially lock any device associated with it remotely, see data you have stored in iCloud, access your Apple Store purchases, and potentially set up two-step verification (also known as two-factor authentication) on your device, locking you out of your phone completely. They can even remotely erase your device.
It is reported that affected users did not previously have two-step verification enabled on their devices.
Initial information also suggests that users who already have a passcode set on their device are still able to unlock it, but any users who do not have a passcode set may now encounter a lock code set by the hacker.
What can you do?
Do not pay the ransom.
Change your password for your Apple ID. You can use your Apple ID to recover your device(s) if it has been locked by the hacker.
You can switch off Lost Mode via iCloud.
If the hacker has set a new passcode lock on your device, you may be able to bypass this by using one of the methods suggested by Apple. Note, however, that these involve either erasing, resetting, or restoring your device from a backup (if you have one).
Set up two-step verification for your Apple ID. Turning on two-step verification reduces the possibility of someone accessing or making unauthorised changes to your account information. Two-step verification requires both your password and a separate verification code sent to your phone (or other trusted device) in order to log in.
Affected users should contact Apple directly for more information. Apple has been able to help affected users recover their devices.
More specific advice may be provided by Apple shortly.
Apple’s online discussion of this issue.