Hacker holds Apple devices for ransom
Holding a device for ransom is a scary practice. Hackers seize control, and then ask the owner to pay a fee to unlock it. If the victim does not comply with their demand, there is little that can be done to regain access to private data, which may include sensitive information like bank account passwords, photos, work documents and so on. Some people cave in, paying the hackers. Others refuse and end up losing everything on their device.
Some Australian Apple users are reporting they are dealing with a hacker (or group of hackers) that goes by the name Oleg Pliss, that holds their iOS and Mac devices for ransom, demanding a certain fee (initial reports say $100) to relinquish control. Affected Apple devices have been locked through Find My iPhone, a tool that lets users track their enrolled iOS and Mac devices, basically rendering them useless.
"Device hacked by Oleg Pliss. For unlock device, you need send voucher code by 100 usd/eur (Moneypack/Ukash/PaySafeCard) to email:firstname.lastname@example.org for unlock", reads the attacker's message.
Users responding to the thread on Apple's forums (the link is in the paragraph above) indicate that those who have set up a passcode can regain access. The same thing can also be achieved by restoring the device to factory settings through iTunes, and restoring the latest backup. In the case of Macs, using the built-in Internet Recovery can do the trick.
A user who goes by the handle poppyp_z, says local operator Optus "suggests keeping the phone off for now as it's safer". This appears to be sound advice, as another user, who goes by the handle Frappuccino, says "I've been hacked a 2nd time. I've just received an email that my phone was put into Lost Mode again, after I successfully changed my password. I have also done a full virus and malware scan, so I know I don't have an issue on my PC".
According to Frappuccino, who apparently got in touch with Apple, "Apple gave me a case number, and told me to contact the local authorities. They were super helpful. They've also escalated the issue to account security who will contact me later today. [...] The passcode can be removed via recovery mode restore. However, it is recommended to wait until the iCloud activation lock is lifted before doing that, because once you restore, it will just go to this screen and you will have to restore again".
The culprit seems to be hacked Apple IDs or repeated use of the same password -- that is used for Apple ID -- with multiple cloud accounts, of which one was hijacked. While both scenarios are plausible, in either case it is recommended to change the password immediately, if possible, and turn on two-factor authentication. To learn more about enabling the latter security measure, check this article. Setting up Touch ID is also recommended for iPhone 5s users.