Level 1

25 points

Ransomware Kalunga Russia iCloud Hack

My iCloud account was hacked by source supposedly from Kalunga Russia. My MacBook Pro and iMac desktop both show a lockout screen on start up and ask for a four digit PIN on my MacBook and a six digit PIN on my iMac Desktop. It says to email apple.device@gmx.com

There are reported fixes on REDDIT stating that resetting the PRAM / NVRAM by rebooting three times with the OPTION COMMAND P R keyboard combination will unlock the computer. I tried this and it does to work.

macosx - MacOS Ransomware with EFI Lock - Information Security Stack Exchange

Obviously someone has figured out how to hack into iCloud accounts bypassing two factor identification. This is a serious problem and Apple seems to be ignoring it as there is no information form Apple as to how to fix the problem or prevent icon accounts from being hacked. I assume Apple does not want to admit to security weaknesses.

If anyone has any information about this please post.

Message was edited by: mirvine1

MacBook, Mac OS X (10.5.4), MacBook / Powerbok G4 / iBook / iMac G3's / Airport Express / As

Posted on Aug 5, 2017 8:12 AM

Top-ranking reply

olmasterfrommontfoort

Level 1

4 points

Posted on Sep 20, 2017 7:26 AM

It's a firmware lock..Apple will not provide a solution. Due to the fact that it is suppost to work like this. They can't get to your data. The only thing is you can't either due to the firmware lock.

The only thing you can do is bring the original reciept and go to an Apple store. They will get a new firmware code and this will unlock your device.

View in context

53 replies

LACAllen

Level 8

43,590 points

Aug 13, 2017 7:03 PM in response to Miamoo0110

I would guess you have a hardware failure.

I would bring/send it in for service.

thomas_r.

Level 7

32,031 points

Aug 14, 2017 10:08 AM in response to mirvine1

It is possible to use the Find my iPhone app in iOS without 2FA. That's undoubtedly how this was done, and has been done repeatedly lately.

Aug 15, 2017 12:57 AM in response to LACAllen

"You must present your Macs at an AASP or ARS with your proof of ownership and they will unlock them."

I did so, and they could't help me. Still the same problem.

Aug 15, 2017 8:58 AM in response to lilacien

Nonsense, the password was phished or guessed or otherwise obtained from malware installed by the user on one of their devices.

lilacien

Level 1

8 points

Aug 15, 2017 9:47 AM in response to Winston Churchill

Well time will tell as more people "suddenly" don't know how to protect their devices.

LACAllen

Level 8

43,590 points

Aug 15, 2017 9:57 AM in response to lilacien

Disable Find My Mac if you're not going to use it. Problem solved.

Change your Apple password often and don't re-use passwords across multiple ID's.

Aug 16, 2017 5:31 AM in response to mirvine1

Only 1 solution. Go to an Apple store /ASP with the invoice of your purchase. Have them solve it.

Aug 16, 2017 7:35 AM in response to thomas_r.

I see that and am glad I didn't get around to trying it.

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Ransomware Kalunga Russia iCloud Hack