Ransomware Kalunga Russia iCloud Hack

This happened to me overnight. apple support had me reset my phone from iTunes and attempt to erase it as well as turn off lost mode but all will not occur until my phone connects to the internet-which i cannot do because my phone is locked-any assistance anyone can offer? Spent at least 4 hours on the phone with apple minimum still no resolve.

That's the weird thing is i am connected to cellular data-but we were doing it from my iPad which is not on my cellular network so maybe that's why it needs wifi? I'm not sure. I have access to my iPad now, Apple ID and I cloud. It's just my cellphone that I cannot unlock. If I type in my passcode it says it's wrong and disables my phone for 15 min

If you don't know the passcode, you must erase the device to remove it.

This doesn't make sense with this thread, as the "ransomware" lock is mostly based on you having an existing passcode on your device.

You did not answer the icloud question. Why can't you sign in to disable Lost Mode?

I can sign in a click thru disable lost mode but at the end it states it cannot because the phone is locked. I also have tried erasing it but it just says that the erase is pending (when I sign in on my computer) when I sign in on my iPad it says it will erase when it connects to the internet

Same thing happened at my office. We saw someone trying to remote in from kalunga russia on a co-workers laptop while in a meeting and she hit deny access. her computer immediately restarted and the locked page showed up on both her computer and phone. she had 2step activated and it was the only place she used the password. she has never given her password to anyone because she has Icloud password login enabled. watching it happen i have to agree and say somehow hackers found a vulnerability very recently because while researching this most of the kalunga hacks started in July.

lilacien wrote:

Well time will tell as more people "suddenly" don't know how to protect their devices.

Sorry, that's just more nonsense.

If you set a strong password, don't use it for anything else and don't disclose it, you are really pretty much secure.

However, having done so, if you want to protect against the unlikely scenario of someone being able to guess your password and lock your device, just ensure you've already set a lock, so the lock that gets applied to your device is one you already know. Admittedly setting a firmware lock on a Mac is a little more complicated than setting a screen-lock on a phone, but it still only takes a few minutes.

Winston Churchill wrote:

However, having done so, if you want to protect against the unlikely scenario of someone being able to guess your password and lock your device, just ensure you've already set a lock, so the lock that gets applied to your device is one you already know. Admittedly setting a firmware lock on a Mac is a little more complicated than setting a screen-lock on a phone, but it still only takes a few minutes.

Although it's definitely a good idea from a security perspective to set a firmware password on a Mac, this does not protect it in any way against being locked remotely via iCloud or the (now inaccurately-named) Find my iPhone app on iOS. A Mac with a firmware password and Find My Mac turned on can still be remotely locked with a separate code, remotely erased, etc. The only thing that is required, in the case of the Find my iPhone app, is the account username and password.

I spoke with Apple About this and was told that locking my Mac through find my phone when a firmware password had been set would use the same code, I haven't tried this as yet since setting such a password involves shutting down my Mac which I don't wish to do right now (I have a strange GPU issue which means restarting the Mac is a painful experience). I assume you are saying this is incorrect.

Even tying to turn off list mode from iCloud was unsuccessful because it stated the phone was still locked. I was atrempting to erase my phone thru iCloud but t said I must be connected to the internet which obviously I couldn't do with my phone locked and for some reason it wouldn't off cellular data but anyway long and short I had iCloud open on my pc plugged in my phone with iCloud open and the master erase began to process and I was able to restore my phone

I had this issue earlier this week - both iPhone and iPad 'locked'.

I initially triggered account recovery straight away, but then found out that when both were re-started / ran out of juice and I hit the home button I could enter the passcode as normal and get into both.

I've now changed password and not seen the lockscreen message since.

Hello,

just for information, when 2FA is turned on nobody can access your privat files with the username and password, but they can mark your iPhone, Mac etc as stolen and lock them, when somebody get an a login information and a 2FA code on the iPhone, Mac etc then don't allow this, and change your password, but you have to do a login at icloud.com with the new password and at the bottom of the page click on "lock all browsers out". If you doesn't do that then the hacker stays in your account.

And just to repeat this the Hacker can't access your privat files without the 2FA code when 2FA is enabled.

Thanks

Exact same thing happened to me. I had 2FA activated and received a message on my phone someone was trying to access my account from a browser from Kahluga and I immediately responded do not allow. I then started receiving emails that all my apple devices were lost and then locked. I immediately changed my password and was able to get back into my iPad, watch and phone, but my iMac is a different story. The screen is locked with a grey screen, access code boxes, and a message that gives a message to email to unlock.device@mail.com. I tried this and got an automated response telling me to pay $50 in botcoins to reactivate my device. I spent a couple of hours on the phone with apple support. I have another computer (HP) at home and logged in through it into my iCloud account, selected my devices, the iMac, and (with Apple support remotely viewing and telling me to do all of this)....the unlock and erase buttons were grayed out, so "unlock" cannot be selected. The only selection remaining for the iMac is play a sound. Needless to say, at this point technical support is turning over to their engineering department. I am waiting on a solution!!

This exact same thing happened to me as well. Luckily my watch and iPhone had 2FA but my mac did not. Now it is showing locked and asking to email: passcode@gmx.com. This mac was a gift four years ago and I do not have original receipt so apple can not do anything? So are all of my information/pictures lost forever?

This exact thing has happened to me as well on my Mac at home. I also have the 2 Factor authentication. I have been on the phone with Apple technical support multiple times. They have turned it over to their engineering department as highest priority, as it does seem to be a new hack through iCloud. There is no longer a button in my iCloud to unlock or do anything to my Mac other than play a sound to locate or remove from account.

It's a firmware lock..Apple will not provide a solution. Due to the fact that it is suppost to work like this. They can't get to your data. The only thing is you can't either due to the firmware lock.

The only thing you can do is bring the original reciept and go to an Apple store. They will get a new firmware code and this will unlock your device.