Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Level 1

25 points

Ransomware Kalunga Russia iCloud Hack

My iCloud account was hacked by source supposedly from Kalunga Russia. My MacBook Pro and iMac desktop both show a lockout screen on start up and ask for a four digit PIN on my MacBook and a six digit PIN on my iMac Desktop. It says to email apple.device@gmx.com

There are reported fixes on REDDIT stating that resetting the PRAM / NVRAM by rebooting three times with the OPTION COMMAND P R keyboard combination will unlock the computer. I tried this and it does to work.

macosx - MacOS Ransomware with EFI Lock - Information Security Stack Exchange

Obviously someone has figured out how to hack into iCloud accounts bypassing two factor identification. This is a serious problem and Apple seems to be ignoring it as there is no information form Apple as to how to fix the problem or prevent icon accounts from being hacked. I assume Apple does not want to admit to security weaknesses.

If anyone has any information about this please post.

Message was edited by: mirvine1

MacBook, Mac OS X (10.5.4), MacBook / Powerbok G4 / iBook / iMac G3's / Airport Express / As

Posted on Aug 5, 2017 8:12 AM

Best reply

LACAllen

Level 8

43,440 points

Posted on Aug 5, 2017 12:44 PM

If this happened to you, they knew both your Apple ID and password. No other way for it to happen. It is/was not a hack of iCloud.

If you go to icloud.com and use your Apple ID AND your current password for a 2FA enabled account, the prompt for the verification code will pop up. You will also see an icon for Find My Device, which can be used without the verification code.

This allows users to place their devices in Lost Mode or for a Mac, add a firmware password, without the verification code. Just click the Find My ... icon.

This is not a hack. You can't do this without the password.

This is a firmware password that was placed on your Macs. You should have received an email when it happened and your Macs rebooted spontaneously.

There is no workaround. You must present your Macs at an AASP or ARS with your proof of ownership and they will unlock them.

Use a firmware password on your Mac - Apple Support

There are reported fixes on REDDIT stating that resetting the PRAM / NVRAM by rebooting three times with the OPTION COMMAND P R keyboard combination will unlock the computer. I tried this and it does to work.

Not any more. In previous, less secure versions of OSX, this was possible.

View in context

53 replies