This week, some iPhone owners in Australia got a rude awakening: their phones were hacked, locked, and held for ransom. A hacker named "Oleg Pliss" instructed owners to send money to a PayPal account in order to unlock their devices. Some users in the United States received a similar message.
If the iPhone owner had a passcode on their device, they seemed to be able to get back in. Those who didn't had to restore their devices to factory settings. (That's why you should back up to iTunes regularly!)
Ransomware hackers usually charge between $60 and $200 to allow the user back into their device. In total, victims have ended up paying about $5 million per year in ransom to hackers, according to NPR. Ransomware used to be most prevalent on desktop and laptop computers, though it is now being seen on mobile devices more often.
Through all the recent high-profile hacks of corporations — Target, Yahoo, eBay, and most recently Spotify — hackers have gained access to a wide variety of email addresses and passwords. These emails overlap with Apple IDs, and passwords often overlap with emails and are also relatively easy to guess from just a small sample of a user's digital presence.
Our phones are our most near and dear technology. We sleep with them, use them more than any other device, and most people would even put themselves in danger to retrieve their stolen phone. Now that they are becoming more susceptible to hacking, there are some basic things that you should do to prevent an attack. First, enable a passcode. Then, start using two-step verification for your accounts. Almost everyone offers this; usually it'll just involve confirming your device login via a text message, but the security benefits are tremendous.
In the event that you were affected by the "Oleg Pliss" hack, or a similar ransomware hack in the future, there are ways to regain control of your device without paying. Just follow these simple tricks, via Softpedia:
Whatever you do, don’t pay the hackers a dime. It’s your device and you have every right to regain control of it. It’s not your fault your password got stolen.
Contact Apple. It may sound like an ordeal, but what would you prefer: paying $100/€100 upfront not knowing if the hackers will give you back your freedom, or having to chit chat with Apple Support on the phone? You can ring them up here.
In case Apple can’t help you right now and / or the hackers have set a passcode on your device, instructions on how to bypass the lock can be found on Apple’s support site, KB article ht1212.
Once you regain control of your device, it may be only for a brief period of time. This is your window of opportunity to change your Apple ID password and leave the ransomware guys in the cold. Changing/resetting your password can be done at appleid.apple.com.
Once you’ve done all this, it’s highly recommended that you switch on two-step verification, so nothing like this ever happens again. According to Apple, “If you have two-step verification turned on, you'll be asked to send a verification code to the trusted device associated with your Apple ID.”