Industry News Mobile & Gadgets

Hackers claim they will wipe iPhones and iCloud accounts unless Apple pays ransom

A group of hackers are allegedly threatening to remotely wipe millions of iPhones and iCloud accounts, unless Apple agrees to pay a ransom by April 7th.

As Motherboard reports, the hackers – who are calling themselves the “Turkish Crime Family” – are demanding Apple pay a ransom of $75,000 (in either the Bitcoin or Ethereum cryptocurrencies), or hand over $100,000 worth of iTunes gift cards.

Motherboard‘s Joseph Cox reports that one of the hackers shared screenshots of emails that had allegedly been exchanged with Apple, including one where a member of Apple’s security team asked if the group would be willing to share a sample of the stolen data.

If emails shared by the hackers are legitimate, then it appears that Apple’s security team also requested that a YouTube video be removed of an unnamed member of the gang using stolen credentials to access an elderly woman’s iCloud account and view photos that had previously been backed up online.

The alleged emails from Apple go on to underline that the technology firm will “not reward cyber criminals for breaking the law”.

What we don’t know is whether the email exchanges between the hackers and Apple are real or faked, and – indeed – whether the so-called “Turkish Crime Gang” really has access to a large number of Apple users’ credentials. Other than the video of the elderly woman’s iCloud account being broken into, there has been no evidence shared with the media to suggest that the hackers’ claims of having gained access to a large database of Apple usernames and passwords are legitimate.

However, if it’s true that the hackers are attempting to engage with the media in an attempt to increase their chances of a substantial payout then that would be in line with an increasingly common technique deployed by extortionists.

For instance, we have discussed before how an individual hacker or hacking group known as The Dark Overlord has targeted investment banks – stealing internal documents and bringing them to the public’s attention in an attempt to extort more money.

In another extortion attempt, The Dark Overlord stole hundreds of gigabytes of files from the Gorilla Glue adhesive company, and attempted to increase their chances of crowbarring more money out of corporate victims by sharing details with security industry media. For the record, when The Dark Overlord contacted me to help them blackmail companies, I declined.

I believe that companies should do everything in their power to protect their customers and prevent criminals from profiting from extortion.

We simply don’t know the truth of the Turkish Crime Family’s claims, and whether Apple users are at risk.

But I do hope that the media stories will help remind Apple users of the importance of using a strong, unique password to secure their account and enable two-factor authentication to make their accounts harder to break into.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

1 Comment

Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • I think they cannot compromise iCloud accounts remotely only if they "somehow" get access perhaps via Bluetooth.
    Another possibility is they got some data from "Find my iPhone/iPad" if turned of they cannot wipe any iPhone/iPad.
    The last possibility is they hacked Apple servers, but Apple is smart enough to have shadow copies etc.
    This makes me to conclude that the hacker group has probably physical access to some stolen iPhones that weren't
    protected enough.

    I'd give it a miss for iOS devices and take a deep breath it's all hoax for the majority.