View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Australian Apple customers suffer major ransomware attack

Password reuse thought to have caused the breach across iPod, iPhone and Mac.

By Jimmy Nicholls

Hackers are holding Australian Apple customers to ransom by locking iPhones, iPads and Macs and demanding payment to unlock the products.

Affected devices have been reported across several states in Australia displaying an error message attributing the hack to Oleg Pliss, and instructing users to send $100 (USD) or €100 to a PayPal account.

Writing on the Apple support forums, user veritylikestea said: "I have no idea how this has happened. I am not aware of having been exposed to malware or anything else, although I did recently purchase some new apps – perhaps one of these has something to do with it?"

Many Apple customers were woken during the night when their devices were set into "lost" mode and their passwords were reset, preventing them from accessing the phone.

Bob Tarzey, analyst at Quocirca, said: "There are lots of Apple devices out there – and their users tend be at the wealthier end of the spectrum, compared to the larger Android mass market.

"However, iOS is hard to target with malware due to the walled garden environment in which Apple operates so, unless devices are jail broken by their users, getting malware and unauthorised apps on to their device is hard."

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Speaking to several media organisations, Troy Hunt, a software architect at Microsoft, said the attack appeared to be isolated to Australia, and noted that password reuse on non-Apple services may have been responsible for the breach.

"Of course, it also suggests that two-factor authentication was likely not used as the password alone wouldn’t have granted the attacker access to the iCloud account," he added, speaking to the Sydney Morning Herald.

PayPal said that payment account is linked to the email address the hacker had supplied to victims, but added that any money sent would be refunded. At the time of writing, Apple has yet to comment on the matter.

Oleg Pliss is a software engineer and computer scientist at Oracle, and it is likely his name has been misappropriated by the hacker behind the breach.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.