Users of iPhone and in some cases iPad are reporting that they are being locked out of their devices as a result of a new Ransom-ware scam that appears to have originated yesterday morning (27-05-2014) in Australia; victims are greeted with a message claiming to be from a group or individual identifying themselves as Oleg Pliss. A ransom of $100 is demanded to release the phone. It would appear that the scam is carried out by accessing a function in Apples iCloud called Find My iPhone (also available for iPad) the feature designed to discourage theft by letting users shut down their smartphone remotely has reportedly being compromised by hackers using it to hold mobiles to ransom.
The message displayed on iPhone a demand for ransom to unlock the device
This is an example of how fraudsters are using legitimate services to commit cybercrime, it would appear that the scam is carried out using stolen login credentials to initially access the users iCloud account and then trigger functionality designed to protect the users iPhone/iPad in the event of theft. (A Hack circumvents a users security to gain access where-as Malware uses introduces code to a device to carry out similar ends).
Of course one doesn’t have to look to hard for where the stolen credentials may have originated as the recent data breaches at Ebay, Mums Net etc. will be providing a wealth of material for future criminal exploitation. The moral is clear, if you haven’t already reset your passwords do it now starting with iCloud.
As of this morning no official comment has been forthcoming from Apple.
Tamites next Security training seminar will take place in July
Is there a fix for this, anything I can download?