How do I remove ransomware safely on a Mac? My Mother-In-Law inadvertently opened up an email with a link.She uses Microsoft Outlook. They were able to shut down her MAC. She also has a iPhone and iPad on the same Apple ID. Would those be affected too?Thank you. Terri
[Re-Titled by Moderator]
iPad Pro, iPadOS 17
Simply opening a link will not install Ransomware, it could have been a link to a web page that displayed in full screen that appeared to lock the Mac unless a number was called. In this case, you can Force Quit Safari by pressing Option-Command-ESC. Then to open Safari again, hold the Shift key while launching Safari. This will clear the previous screen.
If the link did download software, then it would have to be installed by your Mother-In-Law by double clicking it and most likely enter the login credentials of the computer to put anything in your System Files that would launch on startup. The link provided by hcsitas to reset to factory settings is the quick fix, but you also would be able to remove any files installed by first starting up in Safe Mode, then download the free EtreCheck program and post the report here using the Additional Text option when posting. There is no personal information provided in the report.
Start up your Mac in safe mode - Apple Support
How to use the Add Text Feature When Post… - Apple Community
As for affecting other devices, that would depend on if your Mother-In-Law provided her Apple ID and Password to the scammers. If any financial data was given, then appropriate action would also be needed to secure those accounts.
Simply opening a link will not install Ransomware, it could have been a link to a web page that displayed in full screen that appeared to lock the Mac unless a number was called. In this case, you can Force Quit Safari by pressing Option-Command-ESC. Then to open Safari again, hold the Shift key while launching Safari. This will clear the previous screen.
If the link did download software, then it would have to be installed by your Mother-In-Law by double clicking it and most likely enter the login credentials of the computer to put anything in your System Files that would launch on startup. The link provided by hcsitas to reset to factory settings is the quick fix, but you also would be able to remove any files installed by first starting up in Safe Mode, then download the free EtreCheck program and post the report here using the Additional Text option when posting. There is no personal information provided in the report.
Start up your Mac in safe mode - Apple Support
How to use the Add Text Feature When Post… - Apple Community
As for affecting other devices, that would depend on if your Mother-In-Law provided her Apple ID and Password to the scammers. If any financial data was given, then appropriate action would also be needed to secure those accounts.
Have your Mother-In-Law read Phony "tech support" / "ransomware" popups and web pages. These are very common scams.
Clicking links in an email is something that's best to avoid. While it is literally impossible to "infect" a Mac with ransomware or anything else merely by clicking a link in an email message, there are countless scams that use a variety of tactics ranging from enticing offers to threats whose attack vectors start with clicking a link. Following that link leads to loading a deceptive website or some other scam resembling the illustrations in the above User Tip. That results in a susceptible user taking inappropriate actions that all lead to the end goal of extorting money from that user, in one way or another. The Mac isn't affected by anything; it's the user who gets scammed. That's the goal.
So... don't click links in an email is generally sound advice. It stops those threats before they can start.
Reset to factory i.e full erase, see What to do before you sell, give away, trade in, or recycle your Mac - Apple Support
On more thing: for the reset procedure, avoid Time Machine entirely. Install Apps manually and likewise with data files (pdf, docx, jpegs, xlsx etc. - those files should be manually copied to external disk prior to reset.)
Thank you!
How do I remove ransomware safely on a Mac?
