iOS Device Ransom Attacks Continue to Target Users in U.S. and Europe

A few years ago, a number of users in Australia were victimized by attackers remotely locking iPhones, iPads, and Macs using Find My iPhone on iCloud. Compromised devices typically displayed Russian ransom messages demanding payments of around $50 to $100 for the device to be unlocked.

australian_ios_device_hacked

A ransom message targeting a Mac in 2014 with the common pseudonym "Oleg Pliss"

At the time, IT security expert Troy Hunt noted that the attackers were likely using compromised emails and passwords exposed from various online security breaches to log in to iCloud accounts. AOL and eBay, for example, were among several high-profile companies that suffered data breaches in 2014.

Apple later confirmed that iCloud was not compromised, and that the eventually-arrested attackers had instead gained access to Apple IDs and passwords through external sources. Russian website MKRU said the attackers obtained the credentials via phishing pages and social engineering techniques.

Since then, CSO security blog Salted Hash has discovered that, since at least February of this year, these ransom attacks have returned and now target users in the U.S. and Europe. The methods used by attackers are said to be the same ones used in 2014, starting with a compromised Apple ID.

It starts with a compromised Apple ID. From there, the attacker uses Find My iPhone and places the victim's device into lost mode. At this point, they can lock the device, post a message to the lock screen and trigger a sound to play, drawing attention to it.

In each of the cases reported publicly, the ransom demanded is usually $30 to $50. If a victim contacts the referenced email address, in addition to payment instructions, they're told they have 12 hours to comply or their data will be deleted.

The website shared screenshots and linked to a number of Facebook, Twitter, and Reddit users whose devices appear to have been held for ransom in recent months, but there is speculation that the problem could be much larger than that. The following excerpt is highly questionable, however, and could very likely be incorrect.

Earlier this week, a security professional posted a message to a private email group requesting information related a possible compromise of at least 40 million iCloud accounts.

Salted Hash started digging around on this story after the email came to our attention. In it, a list member questioned the others about a rumor concerning "rumblings of a massive (40 million) data breach at Apple."

The message goes on to state that the alleged breach was conducted by a Russian actor, and vector "seems to be via iCloud to the 'locate device' feature, and is then locking the device and asking for money."

The report adds that "for now, let's assume there hasn't been a massive iCloud data breach." Apple has not commented on the matter.

Given that the Apple ID credentials involved in the ransom attacks are believed to originate from online security breaches, Salted Hash pointed towards a recently compromised Mac-Forums.com database, which allegedly includes 291,214 accounts, being sold for around $775 on the darknet.

There is currently no evidence to suggest that the Mac-Forums database has any relation to these ransom attacks, but users with an account on that website should change their passwords out of an abundance of caution. Setting a device passcode and enabling two-factor authentication for your Apple ID is also highly recommended.

Apple has a support document outlining steps to take if you think your Apple ID has been compromised. Also read security and your Apple ID.

Top Rated Comments

LordQ Avatar
77 months ago
Apple under Tim Cook is slipping...
WTF? That comment doesn't make any sense here.
Score: 57 Votes (Like | Disagree)
djcerla Avatar
77 months ago
Apple under Tim Cook is slipping...
Reading comprehension is slipping faster, apparently.
Score: 39 Votes (Like | Disagree)
Tubamajuba Avatar
77 months ago
Apple under Tim Cook is slipping...
Apple is responsible for third party security breaches? Really now.

I've got an idea! Let's start reading articles instead of making baseless comments after glancing at a headline. Deal?
Score: 33 Votes (Like | Disagree)
Kaylor Avatar
77 months ago
Apple under Tim Cook is slipping...
What does Tim Cook have to do with people using weak passwords, using the same passwords between accounts, not changing them regularly, ect. ?
Score: 27 Votes (Like | Disagree)
BittenApple Avatar
77 months ago
Apple under Tim Cook is slipping...
Score: 15 Votes (Like | Disagree)
sziehr Avatar
77 months ago
This sort of thing makes me wonder why companies have not latched on more vigorously to things like touchID. I can not just impersonate that over the phone in a far off land. I have to get into your secure enclave or have your physical phone. This is the direction everything needs to go.
Score: 7 Votes (Like | Disagree)

Popular Stories

maxresdefault

Unbox Therapy Shares Hands-On Look at iPhone 14 Pro Max Replica

Monday May 16, 2022 4:40 am PDT by
YouTuber Unbox Therapy has shared a hands-on look at the iPhone 14 Pro Max using what he claims is a one-to-one replica created by third-party case makers with access to detailed schematics and dimensions for Apple's new upcoming flagship smartphone. As with the iPhone 13 Pro lineup, in 2022, we are expecting a 6.1-inch iPhone 14 Pro and a 6.7-inch iPhone 14 Pro Max, but this time the Pro...
macOS Monterey 2

Apple Releases macOS Monterey 12.4 With Support for Studio Display Webcam Update

Monday May 16, 2022 10:10 am PDT by
Apple today released macOS Monterey 12.4, the fourth major update to the macOS Monterey operating system that launched in October 2021. macOS Monterey 12.4 comes over two months after the launch of macOS Monterey 12.3, an update that added Universal Control. The ‌‌‌‌‌macOS Monterey‌‌ 12.4 update can be downloaded on all eligible Macs using the Software Update section of System...
iOS 15

Apple Releases iOS 15.5 and iPadOS 15.5 With Wallet and Podcast Updates

Monday May 16, 2022 10:00 am PDT by
Apple today released iOS 15.5 and iPadOS 15.5, the fifth major updates to the iOS and iPadOS 15 operating systems that were initially released in September 2021. iOS and iPadOS 15.5 come a little over two months after the launch of iOS 15.4 and iPadOS 15.4. The iOS 15.5 and iPadOS 15.5 updates can be downloaded for free and the software is available on all eligible devices over-the-air in...
iOS 16 mock for article

Gurman: iOS 16 to Include New Ways of System Interaction and 'Fresh Apple Apps'

Sunday May 15, 2022 6:14 am PDT by
iOS 16 will include new ways of interacting with the system and some "fresh Apple apps," Bloomberg's Mark Gurman has said, offering some more detail on what Apple has in store for the upcoming release of iOS and iPadOS set to be announced in a few weeks at WWDC. In the latest edition of his Power On newsletter, Gurman wrote that while iOS 16 is not likely to introduce a major face-lift to...
Prosser Series 8 3

Apple Watch Series 8 Rumored to Feature New Design With Flat Display

Wednesday May 18, 2022 6:21 am PDT by
The Apple Watch Series 8 could feature an all-new design with a flat display, according to the leaker known as "ShrimpApplePro." In his latest video on the YouTube channel Front Page Tech, Jon Prosser highlighted information from ShrimpApplePro that suggests the Apple Watch Series 8 could feature a flat display in what seems to be a design originally rumored for the Apple Watch Series 7. ...
Whatsapp Feature

WhatsApp to Let Users Leave Group Chats 'Silently' and View Rich Link Previews in Status Updates

Tuesday May 17, 2022 3:07 am PDT by
WhatsApp is working on a new feature that will allow users to "silently" leave group chats hosted by the messaging platform instead of all members of the group being notified when they do. As it stands, when someone leaves a group chat, WhatsApp announces their exit to the entire group, making the act of leaving very public. It's not possible right now to leave a group quietly, but WhatsApp...
apple tv 4k design green

Apple Releases tvOS 15.5 for Apple TV HD and Apple TV 4K

Monday May 16, 2022 9:57 am PDT by
Apple today released tvOS 15.5, the fifth major update to the tvOS operating system that first launched in September 2021. tvOS 15.5 comes more than two months after the release of tvOS 15.4, an update that brought support for captive WiFi networks. tvOS 15.5 can be downloaded over the air on the Apple TV through the Settings app by going to System > Software Update. ‌‌‌‌‌‌Apple...