Ransomware Kalunga Russia iCloud Hack

if you are using the same user pass for your Apple ID as you are using for any other service and that service gets hacked then you gave a hacker an opportunity to simply try those same credentials at Apple.

If you arrange with Apple beforehand an Apple Store may be able to remove the firmware lock. It's possible that the data is still available to you, if not hopefully you have a backup.

1-800-MY-APPLE

apple.com/contact

I've since set up 2FA, it wasn't set up last night

I think people are missing the point here. What is happening has nothing to do with 2FA, it's not a 2FA failing or something that using 2FA can protect you from. The purpose of 2FA is to protect access to the data in your account, these malicious events are aimed at disabling your device.

So it was a hack as I do not give out this information.

But yet they had it. Call it what you want. Use whatever phrase makes you happy.

This locking of your device can't happen without your Apple ID *AND* current password.

but how did they do this unless they hacked my MacBook or iCloud, the only two places I store this information ?

You are not locked out of your iCloud account are you? Why hack it and not take it over?

Thanks, but one small correction..

trying to get across is with only your password someone can login into iCloud.com website and turn on 'Lost Mode'.

This is your Apple ID's password.

You can turn it off as long as you still have the correct password.

This is your device's passcode.

2 different things.

No you miss understand what I'm getting at. What my point is as long as you still have the password to Apple ID you can just log into iCloud.com and turn off 'Lost Mode'. You don't need the passcode created with 'Lost Mode'. It stated in the article that was linked.

This happened to me overnight. apple support had me reset my phone from iTunes and attempt to erase it as well as turn off lost mode but all will not occur until my phone connects to the internet-which i cannot do because my phone is locked-any assistance anyone can offer? Spent at least 4 hours on the phone with apple minimum still no resolve.

What happens when you enter your known passcode on the device itself?

If you have removed the passcode via iTunes, you may have removed the only way to resolve this. Now you must know your Apple ID and password, but not until your device is online.

until my phone connects to the internet-which i cannot do because my phone is locked-any assistance anyone can offer?

This should not prevent your phone from using cellular data or connecting to a previous wifi network. Is the SIM card not in it?

What can't you sign in to iCloud.com with your Apple ID and password?

This happened to me overnight. apple support had me reset my phone from iTunes and attempt to erase it as well as turn off lost mode but all will not occur until my phone connects to the internet-which i cannot do because my phone is locked-any assistance anyone can offer? Spent at least 4 hours on the phone with apple minimum still no resolve.

That's the weird thing is i am connected to cellular data-but we were doing it from my iPad which is not on my cellular network so maybe that's why it needs wifi? I'm not sure. I have access to my iPad now, Apple ID and I cloud. It's just my cellphone that I cannot unlock. If I type in my passcode it says it's wrong and disables my phone for 15 min

If you don't know the passcode, you must erase the device to remove it.

This doesn't make sense with this thread, as the "ransomware" lock is mostly based on you having an existing passcode on your device.

You did not answer the icloud question. Why can't you sign in to disable Lost Mode?

I can sign in a click thru disable lost mode but at the end it states it cannot because the phone is locked. I also have tried erasing it but it just says that the erase is pending (when I sign in on my computer) when I sign in on my iPad it says it will erase when it connects to the internet

Same thing happened at my office. We saw someone trying to remote in from kalunga russia on a co-workers laptop while in a meeting and she hit deny access. her computer immediately restarted and the locked page showed up on both her computer and phone. she had 2step activated and it was the only place she used the password. she has never given her password to anyone because she has Icloud password login enabled. watching it happen i have to agree and say somehow hackers found a vulnerability very recently because while researching this most of the kalunga hacks started in July.

lilacien wrote:

Well time will tell as more people "suddenly" don't know how to protect their devices.

Sorry, that's just more nonsense.

If you set a strong password, don't use it for anything else and don't disclose it, you are really pretty much secure.

However, having done so, if you want to protect against the unlikely scenario of someone being able to guess your password and lock your device, just ensure you've already set a lock, so the lock that gets applied to your device is one you already know. Admittedly setting a firmware lock on a Mac is a little more complicated than setting a screen-lock on a phone, but it still only takes a few minutes.