Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Hackers Remotely Locking Some Macs and iOS Devices in Australia for Ransom

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,533
30,842



A number of iOS and Mac users in Australia are reporting a growing issue on Apple's support forums (via The Age) in which hackers are locking iPhones, iPads and Macs remotely through iCloud. Compromised devices are also displaying warning messages offering unlocks for money.

australian_ios_device_hacked.jpeg
A hacker's message on a compromised iMac (via The Age)​
Member veritylikestea on Apple Support Communities:
i was using my ipad a short while ago when suddenly it locked itself, and was askiwhich I'd never previously set up. I went to check my phone and there was a message on the screen (it's still there) saying that my device(s) had been hacked by 'Oleg Pliss' and he/she/they demanded $100 USD/EUR to return them to me.
Click to expand...
Member Sei_L on Apple's forums also reports a similar message:
Same things here, both Ipads got the "hacked by Oleg Pliss" message, both have passcodes. In Western Australia also. I've chatted with Apple Chat and they said "this is very serious." They've set up a phone call back from the correct department (whoever they are) tomorrow morning so we'll see what happens then. We can access the ipads because they both had passcodes but when an app is used, it comes up with GameCentre password request; we didn't put it in.
Click to expand...
IT security expert Troy Hunt commented on the specifics of the issue, stating that the hackers are likely using compromised data exposed from recent security breaches to login to iCloud accounts. Hunt also notes that the accounts hacked were likely not using two-step verification, suggesting that a single password would have not had granted access had the feature been turned on.

Apple has yet to officially comment on the issue, although users are encouraged to turn on two-step verification for their Apple ID with directions available on a support page.

Article Link: Hackers Remotely Locking Some Macs and iOS Devices in Australia for Ransom
 
Article Link
https://www.macrumors.com/2014/05/27/hackers-locking-macs-ios-devices-australia/
surfingarbo

surfingarbo

macrumors regular
Jun 12, 2011
114
294
Sigh, I wish my devices were hacked. It would force me to actually go outside and admire real life.
 
EdgardasB

EdgardasB

macrumors 6502a
Apr 14, 2014
618
80
Lithuania
Emmm what for those countries which isn't supported with Apple iCloud two-step verification? -.-' iCloud keychain sms verification works for my country like Google, Hotmail, dropbox and etc while Apple don't give a ***** about iCloud two-step...shame
 
Ludatyk

Ludatyk

macrumors 603
May 27, 2012
5,360
4,351
Texas
I'm on the 2-step password verification... but I was under the impression that if I logged under "iCloud.com" to check my email. I would be prompt to have a secondary security check.

But the 2-step password verification only works for appleid.apple.com.. as far as I know. I have 2 step verification with Google, Microsoft & Dropbox and all them have some form of secondary check with their logins.

Is "icloud.com" separate from the 2-step verification?
 
haruhiko

haruhiko

macrumors 604
Sep 29, 2009
6,529
5,875
Using a different password for possibly insecure websites is very important.
 
C

Cougarcat

macrumors 604
Sep 19, 2003
7,766
2,553
Ludatyk said:
I'm on the 2-step password verification... but I was under the impression that if I logged under "iCloud.com" to check my email. I would be prompt to have a secondary security check.

But the 2-step password verification only works for appleid.apple.com.. as far as I know. I have 2 step verification with Google, Microsoft & Dropbox and all them have some form of secondary check with their logins.

Is "icloud.com" separate from the 2-step verification?
Click to expand...

The verification only happens when you set up a new device, you change your account info (i.e log in to applied.apple.com) or when you forget your password.
 
stiligFox

stiligFox

macrumors 65816
Apr 24, 2009
1,483
1,328
10.0.1.3
This has me very worried. I'm mostly concerned to see how they got in -- via guessing from a password from another site or from Apple's servers (however unlikely that maybe).

It's late where I am, and when I'm tired I tend to overreact about things, but this makes me think twice about using Keychain/Find My Mac!

This is all the things that's wrong with cloud stuff -- when we have the possibility to loose even 5% of the control over our device, it becomes very insecure. Having my data held for ransom is not on the top of my bucket list...
 
B

BeefJerky

macrumors newbie
Feb 14, 2014
25
1
Australia
This is so nerve wracking. Especially since I live in Australia. I'm not sure what actions that apple can take to rectify this issue, perhaps they will provide a software update?

So really no one is safe, even if you have a password prior to it being hacked?
 
ChazUK

ChazUK

macrumors 603
Feb 3, 2008
5,393
25
Essex (UK)
This article just reminded me to update all of my 2 step authentication details.

2 old phone numbers and various devices I no longer own linked to my account. Luckily I had my master key hand to do so.

All done!
 
V

viizi

macrumors regular
Dec 2, 2010
224
68
it's alright, hackers are usually very negative people which will in turn affect their health they will die off soon enough.
 
L

lk400

macrumors 65816
Aug 26, 2012
1,050
630
BeefJerky said:
This is so nerve wracking. Especially since I live in Australia. I'm not sure what actions that apple can take to rectify this issue, perhaps they will provide a software update?

So really no one is safe, even if you have a password prior to it being hacked?
Click to expand...

There have been a few high profile data breaches of (non-apple) sites lately. Most likely that data has been used to do this. No update can fix that. Just change your passowords, use different passwords from different sites, and where possible dont give custom to companies who dont respect your personal data, like ebay.
 
W

WallToWallMacs

macrumors regular
Jan 26, 2014
166
0
Maybe it would be best if such idiots didn't have passwords like 'password123' then whine when someone hacks then. Honestly, I wish there was a fine for those idiots who choose stupid passwords and then find themselves hack - $1,000 fine would be a good incentive to stop people from being idiots.
 
N

NitinNike

macrumors member
Apr 10, 2012
76
0
I am afraid that they will have access to all the passwords saved in iCloud Keychain.
My country doesn't have 2-step verification #.
 
APlotdevice

APlotdevice

macrumors 68040
Sep 3, 2011
3,145
3,861
I think these schmucks should be aquatinted with some of Australia's indigenous fauna as punishment.

thaifood said:
Australia is geographically about the same size as North America :)
Click to expand...

Not really: NA is 24.3 million square kilometers, whereas Australia is only 7.6 million square kilometers. Now if you meant the continental US, then yes, it is pretty close (e.g. 7.7 million square kilometers (if you only count land)).
 
Last edited:
D

declandio

macrumors 6502
Apr 3, 2009
451
1
London, UK
WallToWallMacs said:
Maybe it would be best if such idiots didn't have passwords like 'password123' then whine when someone hacks then. Honestly, I wish there was a fine for those idiots who choose stupid passwords and then find themselves hack - $1,000 fine would be a good incentive to stop people from being idiots.
Click to expand...

There should also be a fine for presumptuous posts made by idiots who think they're somehow superior to people they know nothing about.
 
T

thaifood

macrumors 6502
Jun 8, 2011
310
96
APlotdevice said:
I think these schmucks should be aquatinted with some of Australia's indigenous fauna as punishment.



Not really: NA is 24.3 million square kilometers, whereas Australia is only 7.6 million square kilometers. Now if you meant the continental US, then yes, it is pretty close (e.g. 7.7 million square kilometers (if you only count land)).
Click to expand...

Yea, I implied continental US.
 
7thson

7thson

macrumors 65816
May 13, 2012
1,357
1,469
Six Rivers, CA
I'd be more freaked out if this was happening in multiple countries. It just being in Australia suggests that the security breach is localized and the victims probably had redundant logins and passwords. We'll see, hopefully. I'm glad I ponied up for 1 Password recently. It's kind of a hassle on iOS but it's worth it.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom