You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

💡 Did you know?

⏺ If you can't accept iCloud Terms and Conditions... Learn more >

⏺ If you don't see your iCloud notes in the Notes app... Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Ransomware Kalunga Russia iCloud Hack

My iCloud account was hacked by source supposedly from Kalunga Russia. My MacBook Pro and iMac desktop both show a lockout screen on start up and ask for a four digit PIN on my MacBook and a six digit PIN on my iMac Desktop. It says to email apple.device@gmx.com


There are reported fixes on REDDIT stating that resetting the PRAM / NVRAM by rebooting three times with the OPTION COMMAND P R keyboard combination will unlock the computer. I tried this and it does to work.


macosx - MacOS Ransomware with EFI Lock - Information Security Stack Exchange


Obviously someone has figured out how to hack into iCloud accounts bypassing two factor identification. This is a serious problem and Apple seems to be ignoring it as there is no information form Apple as to how to fix the problem or prevent icon accounts from being hacked. I assume Apple does not want to admit to security weaknesses.


If anyone has any information about this please post.


Message was edited by: mirvine1

MacBook, Mac OS X (10.5.4), MacBook / Powerbok G4 / iBook / iMac G3's / Airport Express / As

Posted on Aug 5, 2017 8:12 AM

Reply
Question marked as Top-ranking reply

Posted on Aug 5, 2017 12:44 PM

If this happened to you, they knew both your Apple ID and password. No other way for it to happen. It is/was not a hack of iCloud.


If you go to icloud.com and use your Apple ID AND your current password for a 2FA enabled account, the prompt for the verification code will pop up. You will also see an icon for Find My Device, which can be used without the verification code.


This allows users to place their devices in Lost Mode or for a Mac, add a firmware password, without the verification code. Just click the Find My ... icon.


User uploaded file


This is not a hack. You can't do this without the password.



This is a firmware password that was placed on your Macs. You should have received an email when it happened and your Macs rebooted spontaneously.


User uploaded file

There is no workaround. You must present your Macs at an AASP or ARS with your proof of ownership and they will unlock them.

User uploaded file


Use a firmware password on your Mac - Apple Support


There are reported fixes on REDDIT stating that resetting the PRAM / NVRAM by rebooting three times with the OPTION COMMAND P R keyboard combination will unlock the computer. I tried this and it does to work.

Not any more. In previous, less secure versions of OSX, this was possible.

53 replies

Ransomware Kalunga Russia iCloud Hack

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.