Apple devices held for ransom, amid massive iCloud account hack rumours

Steve Ragan of CSO Online:

"On July 1, Alanna Coca noticed her iPad had started beeping. When she opened the cover, the lock screen had a message displaying a phrase in Russian – "Dlya polucheniya parolya, napshite na email" – followed by a Gmail address."

"Roughly translated, the phrase was telling her that in order to receive a password, she'll need to email the address displayed."

Such attacks aren't unusual (you may remember a message from Russian hacker Oleg Pliss popping up on some users' iMacs, iPhones and iPads back in 2014), and are perpetrated by a hacker putting a victim's device into lost mode after breaking into their Apple ID account.

A message sent by the hacker to the locked device asks the victim to get in touch to arrange the ransom payment, and may even make a veiled threat that the device's data will be erased if cash is not transferred promptly.

What spices things up a little more this time is that Ragan reports rumours of a massive data breach at Apple potentially impacting 40 million iCloud accounts.

That may be nonsense, of course. It's possible that accounts have fallen under the control of hackers for less sensational reasons, such as poor password choices, phishing or reusing the same password on multiple sites.

What is clear is that some Apple users are having their devices hijacked by extortionists. So make sure that you have a unique, hard-to-crack, hard-to-guess password protecting your Apple ID account.

And, if you haven't already done so, I strongly recommend enabling two-step verification on your Apple ID account to make it harder for hackers to break in.

Read more on CSO Online.


4 Responses

  1. Brett

    July 16, 2016 at 10:55 pm #

    Thanks for this article. I woke up this morning to these messages on my iPhone and emails from Apple saying "lost iPad and iphone" has been activated. So happy to know it was not only me.

  2. Yen

    July 19, 2016 at 4:46 pm #

    Same thing to me…

  3. Sailorwind

    July 22, 2016 at 4:50 pm #

    This happened to me on Monday on all my Apple devices. Important to note that you do NOT need to pay these people. Even if they erase your device, most Apple products have iCloud backups you can use. First step when you see this message should be to try and log into your account on the computer and change your password. Then you can log into iCloud and turn off lost mode on your device. You may still need to do an iTunes backup of your device, but Apple Support was very good about walking me through the whole process and my devices are all fine now, no money spent.

  4. Jackson

    August 2, 2016 at 2:04 pm #

    This happened to me yesterday. I got three iCloud emails. They used the find my iPhone ability to send a message in English that pointed to a Gmail account (unlockyouripad@gmail.com or something similar, I was tired and didn’t take the time to write it down). Luckily, I already had a code that they could not or did not change and only put a message about sending $50. I had email notifications set up.
    First I got the “Your Apple ID was used to sign in to iCloud via a web browser”.
    Then I got “Lost mode enable”
    Then I got “ has been found”
    Anyway, I spent the night changing passwords. None were the same to begin with, but with all the data breaches, I did not want to get caught unaware.
    The crappy part is I have to wait 4 days to enable two step verification with Apple. Also, a lot of online accounts still do not have this ability.
