
Questions remain as Apple’s ANZ users come under attack

31 May 2014

"It's not exactly clear what has happened here,” admits David Harley, Senior Research Fellow, ESET.

“Or why the only people affected so far are Australians and New Zealanders.”

Based upon what is known of Apple IDs being compromised across the region, Harley believes it is extremely unlikely that Apple itself has been hacked or suffered a vulnerability.

"A far more likely scenario would be that ANZ consumers have been targeted by exploiting password reuse - where malicious hackers obtain password and ID credentials in some type of data breach or phishing attack and then reuse them to gain access to other accounts,” he adds.

"Regardless of the root cause, the most important preventative measure is to enable Apple's 2-factor authentication for Apple ID credentials.

“As far as I can ascertain, no-one in Australia or New Zealand who's activated 2-factor authentication has received the ransom demand alert.”

Essentially, this allows users to authenticate using a password and a 4-digit PIN (verification code) texted to a trusted device at each login, and also generates a 14-digit recovery key for emergencies.

“This might also be a good time to change your AppleID password and ensure that you're not re-using a password that might have been compromised from another service,” Harley warns.

“Apple Australia has also suggested contacting AppleCare or visiting an Apple Store if necessary, and claims that an iCloud breach is not responsible.

"At ESET we are yet to come across an instance where someone has paid the ransom demand, but there's no reason to assume that the criminal would actually restore the victim's access to the affected device(s).

“So I guess it begs the question - even if you pay, will the hacker give you back your digital assets stored on the device?

"For people who have been affected, you could try to erase the device and its password using recovery mode.”

For more details on how to do this, visit http://support.apple.com/kb/ht1212