Cybercriminals are using stolen Apple credentials to lock iPads, iPhones, and Macs and hold them for ransom. The targeted users are mainly in Australia and New Zealand, but there are also some reports of victims within the United States.
The attackers are taking advantage of the Find My iPhone iCloud feature, enabling Lost Mode for compromised Apple IDs. Lost Mode is a feature that lets users lock a stolen or misplaced device and send a message to it. The message shown on compromised devices reads, "Hacked by Oleg Pliss." Oleg Pliss is an Oracle software engineer and is someone whom the cybercriminals chose at random, according to Symantec's Satnam Narang.
Victims are instructed to send 100 USD/EUR through services such as MoneyPack in order to have their devices unlocked. The devices can be easily unlocked by entering the passcode that the user initially configured. However, if a passcode was not used, users can recover their devices by wiping them and restoring them from a backup.
The Apple IDs were most likely compromised through a phishing attempt. Another way the Apple IDs could have been breached is through data leaks from other sources, such as eBay's security breach. This scenario is possible because many users use the same username/password combination for multiple online accounts.