The Sydney Morning Herald reports that several Australian Mac, iPhone, and iPad users are finding that their devices have been locked remotely through Apple’s Find My iPhone service by someone using the name “Oleg Pliss.” The hacker (or hackers) then demand payments of around $50 to $100 to an anonymous PayPal account in order to restore the devices to their owners.
An active thread on Apple’s support forum was started yesterday as users started to discover that they had been targeted by the attack. According to that discussion, users are finding all of their devices locked at once rather than a single device per user. Based on that report and the fact that Find My iPhone is being used to hold the devices hostage, it seems likely that the perpetrator has gained access to these users’ iCloud accounts—possibly through password reuse by those users—rather than some device-specific malware or hack.