They are then holding those accounts hostage until the owner agrees to pay the ransom. In some cases, the hackers are charging as much as $40,000 USD to return an account back to its user.
They're gaining control of the accounts initially via some clever social engineering. The attack begins when the hackers contact the Instagram user claiming copyright infringement.
The email they send contains a link that takes the victim to a website the hackers control. The user is prompted to enter their Instagram account information (username and password) which of course is harvested by the hackers.
Once they have that they log in and immediately change the victim's password.
They then modify the account profile so that it includes the phrase:
''this Instagram account is held to be sold back to its owner," followed by a contact link.
Clicking the contact link opens a WhatsApp chat session where the hackers make the ransom demands and wait. If the victim doesn't initiate contact via the profile link, the hackers will start sending text messages to the phone number associated with the account. Either way, the negotiation process begins
Security researchers who have begun investigating the scam have concluded that at least one of the threat actors involved is based in Turkey.
At this point, there is no reliable information about how many Instagram attacks have been compromised in this manner. There also isn't any information about how much money the hackers have made in total via this approach. If you are an Instagram user and you have an impressive number of followers it pays to at least be aware of the possibility.