It is also important to say that the affected devices got locked up by no malicious app or program. The culprits for the unfortunate event are nothing else but compromised Apple IDs, the passwords for which could have been easily stolen "from recent data breaches". If we also take into consideration that most people tend to use one and the same password for years, it comes to no surprise that the wrongdoers succeeded in locking up a big number of Apple devices.
Fortunately, Apple IDs with a two-step authentication have not been affected by the scam. In addition, those unlucky owners of Apple devices with passcodes easily succeeded in reclaiming control of their gadgets.
Still, it seems that some of the affected users fell into the trap and sent money to the email that Oleg Pliss listed in the ransom notes. Interestingly, a PayPal representative revealed that there was no PayPal account linked to the email in question. It was also said that any money that had been forwarded to the email will be refunded in a timely fashion.
Meanwhile, local Australian carriers advised the affected users to contact Apple so that they can regain access of their accounts as soon as possible. However, Cupertino has not issued an official statement on the matter yet.
source: Brisbane Times via The Verge