“Turkish Crime Family”, the group of hacker is threatening to reset millions of iCloud accounts and delete all data from iPhones if ransom of $75,000 in crypto currency or $100,000 in iTunes gift cards is not paid.
Apple mentioned that its systems are not hacked.
“There have not been any breaches in any of Apple’s systems including iCloud and Apple ID,” the company mentioned. “The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”
“To protect against these types of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication,” the company added.
As per the reports, passwords and email addresses matched to data from the linkedin breach that was disclosed last year.
John Bambenek, threat systems manager at Fidelis Cybersecurity, said the threat ultimately sounds like a stunt. “There are always people who make unfounded threats to organizations in the hope of an easy payday — in this case, the hackers want $100,000 in iTunes gift cards,” he said.
“Companies must take due diligence but assess the adversary before paying to see if the threat is real,” Bambenek added. “As in the physical world, the odds are that paying a ransom, especially in a public manner, means the threats only increase.”
Still, Lamar Bailey, director of security research and development for Tripwire mentioned that iPhones can be wiped remotely if hacker posses the data.
“The hackers cannot remove backups for Apple devices from the cloud, but changing the passwords will make it hard for the legitimate users to reset and recover their devices,” Bailey said.
In recent survey of 1001 iPhone users, forty seven percent said that they are not comfortable in storing sensitive data in icloud.
“The worst thing in the world would be if someone thought they backed something up, deleted it, and found that it wasn’t on the cloud,” Network Remedy business development manager Aaron Mangal told Clutch.
Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.