Ransom-taking iPhone hackers busted by Russian authorities

Filed Under: Apple, Featured, iOS, Law & order, Mobile, Ransomware

The mystery of the ransom messages from "Oleg Pliss", and the iDevice-locking attack that popped up in Australia and the US last month, appears to have been solved.

Authorities in Russia said they detained two criminals behind ransom attacks on Apple users that locked their devices remotely and demanded payment to unlock them.

I say "appears to have been solved" because Russian police said the hackers were responsible for the same scam on users in Russia, without mentioning victims in other countries.

The two Russian hackers - a 23-year-old and a 17-year-old from Moscow - reportedly confessed to tricking users into handing over their Apple ID credentials and then using the Find My iPhone feature to lock the devices until the victims paid a ransom of up to US$100.

According to The Sydney Morning Herald, Russian media reported the pair of hackers were caught on CCTV when they withdrew victims' payments from an ATM.

Russia's Ministry of Internal Affairs stated on its website that agents searched the hackers' apartments and seized computers, phones, SIM cards and "literature" on hacking.

Russian authorities said the hackers used "two well-known schemes" to perpetrate their attacks, which affected Apple users in Russia.

It seems the two hackers tricked Apple users into giving away their Apple IDs with a phishing scam that asked them to sign up for an online video service that required their Apple IDs.

If a hacker gets hold of your Apple ID and password, they can sign in to iCloud as you and use Find My iPhone to remotely lock your iPhone, iPad, iPod touch or Mac and put a message of their choosing on its screen - in this case, the ransom demand.

The Sydney Morning Herald reports that victims who had already set a passcode on their device could simply enter it, change their iCloud password and avoid paying the ransom. That works because a Find My iPhone lock uses the device's existing passcode if one is set.

Users who hadn't set a passcode were less fortunate: when no passcode exists, the person triggering the lock chooses one, so the attacker controlled it, and victims had to resort to wiping their devices and restoring them from backups.

If you've been hacked by 'Oleg Pliss' then we recommend you follow the advice in our earlier article Apple ransomware strikes Australia.

Ransomware and smartphone malware

In the security industry we call malware that locks you out of your computer or encrypts your files, and then demands payment to undo the damage, "ransomware".

The most famous ransomware is the notorious CryptoLocker, which authorities recently knocked out by seizing the cybercriminals' command and control servers.

Only recently, however, have crooks figured out how to turn the success of ransomware for PCs into a lucrative racket on mobile devices.

Technically, since the "Oleg Pliss" hackers didn't drop any malware onto their victims' devices - they abused a legitimate Apple feature with stolen credentials - the iDevice-locking attack isn't ransomware in the strict sense, but it has the same devious purpose: to extort money from victims.

It's a different story on Android, which is more exposed to mobile malware, not least because apps can be installed from outside the official app store.

A file-encrypting ransomware for Android called Simplelocker was recently discovered, and another kind of ransomware known as a "police locker" has hit Android users who download an infected file claiming to be a video player.

Securing iDevices and Androids

As a security precaution, make sure you lock your phone with a secure passcode - as the Oleg Pliss victims found, it is also what lets you get out of a Find My iPhone lock without paying.

Your Apple ID is the key to your iDevices, so hold on to it tightly (don't hand your Apple ID and password to a suspicious media-download website, for example).

You should also make sure your iDevices are running the latest iOS version, so that known and patched exploits can't be used against you.

For Android users, we also recommend using an anti-virus such as Sophos Antivirus and Security, our free app for smartphones and tablets.

For more information on keeping your phones and tablets safe take a look at our 10 tips for securing your smartphone.


Image of locked iPhone courtesy of Shutterstock.



One Response to Ransom-taking iPhone hackers busted by Russian authorities

  1. Ron · 131 days ago

    Isn't an Apple ID commonly a person's primary email address, and is required to be some form of email address (http://support.apple.com/kb/ht5621)? This is a piece of information that people already share. A lot. It seems as though the only safe means of securing an Apple ID then is to create a new, random email account, and use this as an Apple ID. Or, Apple could get this right in the first place and not require a personally identifying piece of information as part of the authentication credentials. Is another solution to simply create an iCloud account for an Apple ID before some hacker does?


About the author

John Zorabedian is a blogger, copywriter and editor at Sophos. He has a background in journalism, writing about technology, business, politics and culture. He lives and works in the Boston area.