The mystery of the ransom messages from “Oleg Pliss,” and the iDevice locking attack that popped up in Australia and the US last month, appears to have been solved.
Authorities in Russia said they detained two criminals behind ransom attacks on Apple users that locked their devices remotely and demanded payment to unlock them.
I say “seems to have been solved” because Russian police said the hackers were responsible for the same scam on users in Russia, without mentioning victims in other countries.
The two Russian hackers – a 23-year-old and a 17-year-old from Moscow – reportedly confessed to scamming users into giving away their Apple IDs and using the Find My iPhone feature to lock the devices until the victims paid a ransom of up to $100 USD.
According to The Sydney Morning Herald, Russian media reported the pair of hackers were caught on CCTV when they withdrew victims’ payments from an ATM.
Russia’s Ministry of Internal Affairs stated on its website that agents searched the hackers’ apartments and seized computers, phones, SIM cards and “literature” on hacking.
Russian authorities said the hackers used “two well-known schemes” to perpetrate their attacks, which affected Apple users in Russia.
It seems the two hackers tricked Apple users into giving away their Apple IDs with a phishing scam that asked them to sign up for an online video service that required their Apple IDs.
If a hacker gets hold of your Apple ID they can create an iCloud account which they can then use then lock your iPhone, iPad, iPod or iMac device remotely.
The Sydney Morning Herald reports that victims who locked their phones with passcodes could simply enter it, change their iCloud password and avoid having to pay a ransom.
Users who didn’t set passcodes were less fortunate and had to resort to wiping their devices and restoring them from backups.
If you’ve been hacked by ‘Oleg Pliss’ then we recommend you follow the advice in our earlier article Apple ransomware strikes Australia.
Ransomware and smartphone malware
In the security industry we call cyber attacks that take over your computer and demand payment “ransomware“.
Only recently, however, have crooks figured out how to turn the success of ransomware for PCs into a lucrative racket on mobile devices.
Technically, since the “Oleg Pliss” hackers didn’t drop any malware onto the devices of their victims, the iDevice-locking attack isn’t a real example of ransomware, but it has the same devious purpose – to extort victims for money.
It’s a much different story for Android, which is more susceptible to mobile malware.
A file-encrypting ransomware for Android called Simplelocker was recently discovered, and another kind of ransomware known as a “police locker” has hit Android users who download an infected file claiming to be a video player.
Securing iDevices and Androids
As a security precaution, you should make sure you lock your phone with a secure passcode.
Your Apple ID is the key to your iDevices, so make sure you hold onto it tight (don’t use your Apple ID for a suspicious media-download website, for example).
You should also make sure your iDevices are up to date with the latest iOS software version to stay safe from known exploits.
For Android users, we also recommend using an anti-virus such as Sophos Antivirus and Security, our free app for smartphones and tablets.
For more information on keeping your phones and tablets safe take a look at our 10 tips for securing your smartphone.