Ransomware Kalunga Russia iCloud Hack

My iCloud account was hacked by a source supposedly from Kalunga, Russia. My MacBook Pro and iMac desktop both show a lockout screen on startup and ask for a four-digit PIN on my MacBook and a six-digit PIN on my iMac desktop. It says to email apple.device@gmx.com


There are reported fixes on Reddit stating that resetting the PRAM / NVRAM by rebooting three times with the Option-Command-P-R keyboard combination will unlock the computer. I tried this and it does to work.


macosx - MacOS Ransomware with EFI Lock - Information Security Stack Exchange


Obviously someone has figured out how to hack into iCloud accounts, bypassing two-factor identification. This is a serious problem and Apple seems to be ignoring it, as there is no information from Apple as to how to fix the problem or prevent iCloud accounts from being hacked. I assume Apple does not want to admit to security weaknesses.


If anyone has any information about this please post.


Message was edited by: mirvine1

MacBook, Mac OS X (10.5.4), MacBook / PowerBook G4 / iBook / iMac G3's / Airport Express / As

Posted on Aug 5, 2017 8:12 AM

Question marked as Top-ranking reply

Posted on Sep 20, 2017 7:26 AM

It's a firmware lock. Apple will not provide a solution, due to the fact that it is supposed to work like this. They can't get to your data. The only thing is you can't either, due to the firmware lock.


The only thing you can do is bring the original receipt and go to an Apple store. They will get a new firmware code and this will unlock your device.

53 replies

Aug 16, 2017 6:14 AM in response to Winston Churchill

Winston Churchill wrote:


However, having done so, if you want to protect against the unlikely scenario of someone being able to guess your password and lock your device, just ensure you've already set a lock, so the lock that gets applied to your device is one you already know. Admittedly setting a firmware lock on a Mac is a little more complicated than setting a screen-lock on a phone, but it still only takes a few minutes.


Although it's definitely a good idea from a security perspective to set a firmware password on a Mac, this does not protect it in any way against being locked remotely via iCloud or the (now inaccurately-named) Find my iPhone app on iOS. A Mac with a firmware password and Find My Mac turned on can still be remotely locked with a separate code, remotely erased, etc. The only thing that is required, in the case of the Find my iPhone app, is the account username and password.

Aug 16, 2017 6:47 AM in response to thomas_r.

I spoke with Apple About this and was told that locking my Mac through find my phone when a firmware password had been set would use the same code, I haven't tried this as yet since setting such a password involves shutting down my Mac which I don't wish to do right now (I have a strange GPU issue which means restarting the Mac is a painful experience). I assume you are saying this is incorrect.

Aug 16, 2017 7:42 AM in response to mirvine1

Even trying to turn off Lost Mode from iCloud was unsuccessful because it stated the phone was still locked. I was attempting to erase my phone through iCloud, but it said I must be connected to the internet, which obviously I couldn't do with my phone locked, and for some reason it wouldn't turn on cellular data. Anyway, long and short: I had iCloud open on my PC, plugged in my phone with iCloud open, and the master erase began to process and I was able to restore my phone.

Aug 23, 2017 12:33 PM in response to mirvine1

Hello,


Just for information: when 2FA is turned on, nobody can access your private files with the username and password, but they can mark your iPhone, Mac etc. as stolen and lock them. When somebody gets a login notification and a 2FA code on the iPhone, Mac etc., don't allow this, and change your password. But you have to log in at icloud.com with the new password and at the bottom of the page click on "lock all browsers out". If you don't do that, then the hacker stays in your account.

And just to repeat this: the hacker can't access your private files without the 2FA code when 2FA is enabled.



Thanks

Aug 31, 2017 7:27 AM in response to lilacien

Exact same thing happened to me. I had 2FA activated and received a message on my phone that someone was trying to access my account from a browser from Kahluga, and I immediately responded "do not allow". I then started receiving emails that all my Apple devices were lost and then locked. I immediately changed my password and was able to get back into my iPad, watch and phone, but my iMac is a different story. The screen is locked with a grey screen, access code boxes, and a message saying to email unlock.device@mail.com to unlock. I tried this and got an automated response telling me to pay $50 in bitcoins to reactivate my device. I spent a couple of hours on the phone with Apple support. I have another computer (HP) at home and logged in through it into my iCloud account, selected my devices, the iMac, and (with Apple support remotely viewing and telling me to do all of this)... the unlock and erase buttons were grayed out, so "unlock" cannot be selected. The only selection remaining for the iMac is "play a sound". Needless to say, at this point technical support is turning it over to their engineering department. I am waiting on a solution!!

Sep 22, 2017 8:16 AM in response to asdfasfwefwef

asdfasfwefwef wrote:


I find it very improbable that the hackers "guessed" my password or phished it from me...


They wouldn't have to. Do you use the same password on any other online accounts? If so, that account has probably already been breached at some point and your e-mail address and password are in the public domain.


Do you connect to untrusted Wi-Fi networks, such as those found in coffee shops, hotels, restaurants, etc.? If so, you could have been phished or had a password that was sent insecurely captured, and you'd probably never know.


Does someone else - a family member or friend - have your password? If so, you have to ask yourself in what ways they might have lost control of it.


Is your password a strong one, that can't possibly be guessed by anyone who has access to any of your other online accounts? If not, guessing is not an unlikely scenario.


Have you downloaded anything you shouldn't have lately? For example, if you downloaded Handbrake between May 2 and May 6 of this year, you may have gotten a compromised copy of the app that hackers had modified to drop malware on the system. Malware whose primary goal was to steal every piece of password-related data from your system.


As you can see from these examples, there are many ways that your account could have been compromised. And unfortunately, two-factor authorization does not protect against these remote locks via Find My iPhone, as has been pointed out previously on this thread.


If there were an Apple compromise, it would have been going on since at least early last year, when I documented a similar case. But there are no signs of such a compromise, and every indication that these hackers are getting account credentials through other means.
