"While it's not clear how the attacker gained account credentials for the accounts, given the localized nature of the attacks it's likely that this is a case of password reuse as opposed to Apple servers being compromised," agreed Michael Sutton, vp of research at security firm, Zscaler.
"It is likely that a third party database was compromised and authentication credentials stolen that are the same credentials used by the owners of the affected iOS devices. Fortunately, this is a situation where Apple can intervene to reset the device and affected users should not pay the ransom being sought," he said.
Sister title Computerworld has published more detailed advice on coping with the attack.