In recent hours, a number of iOS users appear to have been hit by a malware attack that locks their iOS devices and demands a $100 ransom to unlock it again.
Those affected by the issue have reported that when using the device as they normally do, it suddenly locks itself and then displays a message from an “Oleg Pliss” which claims the device has been hacked and that the victim must pay $100 to a paypal account in order for the device to be unlocked again.
This problem seems to be primarily affecting iOS users in Australia and New Zealand, and especially those who have not used a passcode to secure their iOS systems.
The hack shows this message in affected iCloud accounts (click image for larger view). Image from user “amberoonie” from the Apple discussion forums.
If you are affected by this scam, do not pay any ransom, and instead attach your iOS device to your Mac to back it up using iTunes. Following this, you can use iTunes to restore the iPhone to attempt to restore the phone from the backup, or log into iCloud and remote-wipe your iPhone, followed again by using iTunes to restore your backup to it. Note that you may need to restore a more recent backup instead of the one you make directly.
Keep in mind that this attack is developing, and new information about it and how to manage it may be out soon. Meanwhile, be sure your passwords are changed, and your iPhone or iPad is restored from backup. Also be sure your device is properly secured with Apple’s 4-digit password, or for more security, use the iOS passphrase option, which can be enabled by turning off the Simple Passcode option in the Touch ID & Passcode section of iOS’ settings.
“…and especially those who have not used a passcode to secure their iOS systems.”
*** Sigh ***
How devices get infected?
How could work backing up and then restoring? Surely the malware is also backed up and restored!
Just a guess here, but to block an iPhone like this would require getting into the iOS itself. Of course, it could have been installed by a self-regenerating app, but this would be easy enough to test for. If the block is restored after you reset and restore from the current backup, then it is in software, not just the system. If it’s in the system, the erase, reset and restore should clear it. It would be easy enough to test for – though you would need an infected device to do so. As Topher said, more information will undoubtedly be available soon. If you’ve never backed up you iDevice, however, you will be SOL if this malware attacks you.
This is most likely not malware, but rather a case of users having their AppleID passwords hacked.
It seems that the hack is related to eBay stolen password data:
iOS ransom hack spreading to US
https://macissues.com/2014/05/27/ios-ransom-hack-spreading-to-us/#comment-427