Apple devices in Australia hit by rampant ransomware

By JC Torres/May 27, 2014 6:30 am EST

Apple users down under are in distress as they find themselves locked out their devices. Whether it be a Mac, iPad, or iPhone, a good number of Apple users in Australia are unable to use their devices and are instructed to electronically wire money if they ever want to use their smartphone, tablet, or computer ever again.

Ransomware, or malware that locks out users from using their devices until an amount is paid, isn't exactly new. The coverage of this recent incident, however, is quite unprecedented and its extent is quite alarming. The exact number of affected users are still unknown, but reports and complaints have been coming in from all corners of Australia, from Queensland to New South Wales, to Victoria, to West and South Australia. All of them bear the same mark, a message informing users that they have been hacked by Oleg Pliss and that they should pay $50, sometimes $100, via PayPal. The incident seems to also be tied with the Find My iPhone functionality, a feature that allows users to locate and remotely lock their devices, usually in case of loss or theft. It is then quite ironic, though not necessarily unforeseen, that it would be used in a contrary manner.

One IT security expert believes that the hacker, or hackers, have been able to take hold of user passwords from past hacking incidents. Users, as a general rule, have very poor password habits. In the almost rare occasion that they do use strong passwords, they use the same password for almost everything. Thus, if one account has been compromised somewhere, hackers that are able to gain that information can more easily try that information elsewhere.

Since this particular incident seems to be intimately tied to the owner's iCloud account, it seems that those affected did not yet set up two-factor authentication on their accounts. While some might see it as an added inconvenience, two-factor or two-step authentication adds another layer of security by requiring a special code that is sent only to the user's mobile device. Of course, if the thief has both account details and the device itself, that would be an entirely different problem. It does, however, help to prevent incidents like this from becoming rampant.

For now, the only recourse affected users have is to contact Apple, whose lines are most likely clogged because of this issue. Apple does provide a way to help users recover access to their device, but should all else fail, Apple's customer support will be their last hope. And should users be able to regain sovereignty over their Apple devices, it would definitely be wise and sage advice to quickly change their passwords, and maybe other passwords that they have elsewhere as well.

SOURCE: The Age