"Oleg Pliss" Virus: Ransomware without added Bitcoin

Many Australians and New Zealanders woke up this morning to find their iOS, or Apple device had a new message: “Device hacked by Oleg Pliss. For unlock device…  upon pressing the OK button, they receive a further message demanding a ransom of between $50 and $100 to unlock the device. There are no reports, currently emerging, from outside of Australia and New Zealand, but many believe that this virus spreading, is little more than a matter of time. Many apple users believe that their devices are de-facto immune from cyber attacks.
Ryan W. Neal, writing in The International Business Times broke the story that Apple users are being targeted. He writes that:
“Though malware doesn’t appear to be involved, the Oleg Pliss attack looks similar to the Cryptolocker malware that made headlines in October 2013 for encrypting a computer hard drive and demanding a $300 ransom be paid in bitcoin within 100 hours. Cryptolocker affected only Windows computers, and while this Oleg Pliss attack doesn’t rely on malware, it shows Apple users that they, too, need to be vigilant about cybersecurity.
Apple has not, thus far, released a statement about the attack, or for that matter responded to questions about the attack, it may well do so before this article is published, but questions arise about why it is that only Australian and New Zealand Apple users have been targeted. It would appear, however, that hackers accessed the iCloud using Apple usernames and passwords and used this access to lock the devices remotely.

[dropcap size=small]A[/dropcap]n Australian Government website, StaySmartOnline, urges all Apple users to change their usernames and passwords, whether their devices have been accessed or not. It speculates that the hackers received user information from another data breach and probably guessed that Apple users used the same username and password combination on several devices.
“Reports by affected users suggest that this attack is possibly the result of hackers compromising the device owner’s Apple ID and using this to access their iCloud account,” .
“A hacker with access to your Apple ID can potentially lock any device associated with it remotely, they can see data you have stored in iCloud, access your Apple Store purchases and potentially set up two-step verification (also known as two-factor authentication) on your device, locking you out of your phone completely, and even remotely erase your device.”
The Hacker,” Oleg Pliss”, provides an email address, which is claimed to be a PayPal address, PayPal have stated that this is not a PayPal account; therefore it is surmised that this is just a ploy to get further financial information. This is a potential development in ransomware, because when the hackers were demanding Bitcoin payments, the only information transacted was the public key, now by telling people that they are paying a sum to PayPal, the people, that choose to pay the ransom, are transmitting verifiable financial data that can be potentially used for further attacks.
For users whose phone or computer is compromised, security experts urge them not give in to the ransom. Apple can bypass the lock, though it requires resetting the device, and this would erase all information that isn’t backed up. Stay Smart Online also said that Apple has been able to help some users recover their device.
If “Olef Pliss” spreads worldwide, which it could be reasonably be expected to do, users must not engage with the hackers but should contact Apple for support.
Featured image by Shutterstock.

Last modified: July 13, 2020 3:21 AM UTC

May 28, 2014 1:47 PM UTC
Posted in: Archive
More of: appleNewsvirus
Show comments
PJ Delaney @P.J. Delaney@delboyir

Masters in Public Administration, Bachelors in Mgt., I live in Ireland, I have a bit of a background in Economics and lots of opinions on everything else.