Dan Bryant1 wrote:
The retailer claims the problem occurred after I bought it and therefore it is something for which they are responsible. I have found other articles that back up their claim that they could not have done a clean install on the drive if the passcode had been set on the machine, so it is hard for me to argue otherwise. At this point all I can think is that it was some kind of malware or ransomware. (Though haven’t found any ransom note.)
It would be true that this retailer could not have properly prepared this mini if they came across a lock screen, so if they did properly prepared it for resale, you should have gotten the original Apple setup screens when first powering it up. I'm assuming that that was true ... correct? That is, the screens would have taken you through the various setup stages for a "new" Mac.
AFAIK, malware or ransomware would not be able to either enable FileVault encryption or remote lock your Mac. This would had to been accomplished with someone that had access to the Apple ID that was associated with it ... so it may be possible that the original owner did not properly prepare the device to be sold to the retailer. However, again, if this was true, the retailer would not be able to access for resale and would have sold you a "locked" device.
The next time my staff tried to use it, they found it locked.
I'm definitely not accusing you or anyone on your staff, but who set up this Mac after you got it from the retailer originally? Whoever that was, should have seen the initial Apple setup screens and created the Administrator account during this process. Additionally, they could have enabled FileVault. The other issue is what Apple ID did they use when setting it up? That is, do you have a company-specific ID or a personal one that your staff would have access to?
There was no message that it had been locked remotely by FindMy. Does that message only occur on machines with Catalina?
No. Find My or FileVault have been around quite a bit earlier than macOS Catalina.
One theory of the retailer is that someone on my staff activated FileVault. Would that cause this problem?
Yes, that would be possible. But only if they had administrator access to the device. However, having FileVault enabled would not, in itself, cause the boot up problem you are seeing.
When this first happened, there was no record of the machine in my account for FindMy, and now it shows up as one of my devices but says it is offline. Does that mean at some point since this happened that it did connect to my iCloud account?
If it appears in your personal Apple ID account, then if you had a staff member set up this computer, they would have to have access to your ID. Bad idea! Your ID is now compromised and you should immediately change your ID's password.
Since it was associated with my AppleID before this all happened, what would keep it from appearing in the list of my devices even though I can see that it is connected to our WiFi network and I have also connected to our Ethernet network?
Not sure how to respond to this. If I understand you correctly, someone used your Apple ID when it was first set up. Which, again, leads to the question: Who did this initial setup ... you or one of your staff?
