“Oleg Pliss” Hack Spreads to US and UK, Change Your Passwords Now

In a forum thread that’s growing faster than grass blades in a Nat-Geo time lapse video, Apple customers seem to be confirming that the widely-reported ransomware attack under the name of Oleg Pliss has spread to the United States and the United Kingdom, in addition to Australia and New Zealand.

“I’m in the US. Never been to Australia. Hacked last night byt the Oleg Pliss nonsense. Currently restoring to try and get it back online,” writes wheelman2188 on the Apple Support Communities forum thread.

User Loonbeam1 chimes in to say, “My wife got hit in the US as well. Have not heard a lot here, but people may just be waking up or the attack is spreading. Not sure when it triggered. Both devices passcoded so no damage. Never been or connected to australia, and at least one of the devices was purchased in US/Canada (one shipped direct from China)”

As we noted earlier today, the hack could well be spread worldwide, and many users could actually fall for the scam and pay up the $100/€100 without any guarantees that the crooks will unlock their Apple IDs. We even released a guide telling users how to avoid getting trapped and even restore their devices.

However, thanks to one of the posters in the thread, we might have discovered where the ransomware was born: a phishing email.

Phishing is a common practice used by cybercriminals to steal user names and passwords, and the Apple community has had its fair dose of such attacks for the past few years. Suffice to say iOS is on its way to becoming what Windows has been for the hacking community for the past decade: a sea of opportunities.

Earlier this month, an email purporting to be from Apple was sent to various iOS/OS X users with the following message:


 

 

Dear Apple Customer,

Your Apple ID has been Disabled for Security Reasons!

Someone just tried to sign in into your Apple account from other IP Address.
Please confirm your identity today or your account will be Disabled due to concerns we have for the safety and integrity of the Apple Community.

To confirm your identity, we recommend that you go to

Regards
Apple


 

This was pointed out by a user who managed to avoid getting hit by the hack, but others may not be so fortunate. If you know you’ve answered to this email as instructed, change your Apple ID password ASAP.

The hackers could have more than one method of obtaining passwords, so keep your eyes peeled for any scams that prompt you to enter your Apple credentials without a solid reason.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Glove Stealer Emerges A New Malware Threat For Browsers

ANY.RUN Discovers Tricky Phishing Attack Using Fake CAPTCHA