Apple Reportedly Paid Hackers Ransom to Avoid iPhone Data Wipe
Last month, we reported that a group of hackers threatened Apple with ransomware and were planning to wipe data from iPhones during the first week of April if they weren’t paid off. According to MSP Mentor, the cyber-criminals said got what they wanted.
The group, dubbed the Turkish Crime Family, was able to get a hold of iCloud, Apple ID and email credentials of more than 300 million users and held the info for ransom. The group wanted $100,000 in iTunes gift cards or $75,000 in the electronic currencies Bitcoin or Ethereum. Their deadline for receiving the payment was April 7, but that date came and went and iPhone users didn’t lose a thing. But according to the hackers, they didn’t follow through with the threats because they got paid.
Apple acknowledged the attack in a statement that said they were “actively monitoring” the situation and working with law enforcement. And then three days after the deadline, the hackers said they were paid the ransom requested.
The Turkish Crime Family took to Twitter saying that their negotiator had reached an agreement with Apple, but that they hadn’t received a payment.
https://twitter.com/turkcrimefamily/status/850421209279942656
Moments later, they posted a link to a Bitcoin wallet that reportedly showed a transfer of $480,000 worth of electronic currency just before the deadline approached.
https://twitter.com/turkcrimefamily/status/850450732780318720
However, several tweets from critics suggested that the group paid itself to make it look like they got what they wanted from Apple. Computerworld reported that an electronic currency expert said the claim was false given that the transaction was an internal money deposit at a Korean exchange.
The cyber-criminals reportedly didn’t respond to a request for a comment. And Apple apparently denied the breach in a statement.
“There have not been any breaches in any of Apple’s systems including iCloud and Apple ID,” the tech giant said.”The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.
We’ll let you make your own conclusion on this one. But what it reminds us that securing mobile devices within your enterprise is more vital than ever, with groups like The Turkish Crime Family running around.