Security Experts:

Two Detained in Russia Over Ransom Scheme Targeting Apple Devices

Two individuals were detained by Russian authorities on suspicion of being involved in a cybercriminal scheme targeting Apple devices, Russia’s Ministry of Internal Affairs revealed on Monday.

According to a statement released by authorities, the attackers abused the “Find My iPhone” feature included in iOS systems to block devices. They’re said to have obtained their victims’ Apple IDs through two methods: phishing, and by convincing users to connect their devices to existing accounts. The cybercriminals promised victims that they could access media content if they linked their devices to these pre-arranged accounts.

Once the devices were hijacked, the attackers demanded between 500 Rubles ($15) and 3,000 Rubles ($90) from their victims, Russian publication MKRU reported.

The suspects, aged 23 and 16, both from the Southern Administrative District of Moscow, were noe identified by the Ministry of Internal Affairs. However, MKRU revealed that the 23-year-old’s name is Ivan, a young man passionate about computers and hacking. Ivan, who is said to have always been looking for easy ways to make money, was previously charged with hacking, but received just a fine and probation.

MKRU reported that Russian authorities started investigating the criminal activities six months ago, after receiving numerous complaints. The suspects were apprehended after CCTV cameras installed at ATMs recorded them withdrawing money using the cards to which victims paid the ransom.

Computers, SIM cards, phones and hacking literature have been seized from the suspects’ homes. They both confessed the the crimes, the Ministry of Internal Affairs said.

The case, as described by Russian media and authorities, is very similar to the recent “Oleg Pliss” ransom attacks targeting Apple users in Australia, New Zealand, the United States and other parts of the world. However, it’s uncertain at this time if these suspects are responsible for all these attacks, or if multiple groups are behind such operations.

Subscribe to the SecurityWeek Email Briefing
view counter