Apple ID hacked, iMac locked, ransom

So while I was sleeping, I got some emails from Apple support (actually my husband saw them while I was still sleeping) telling me that "lost mode enabled on my iphone"; the second one was that my iPhone was found near my actual location... And then my husband woke me up asking me if I did something in my sleep???

We found another email that someone logged in to my Apple ID from Chrome, Windows (we do not have or use any Windows, PC and we never signed in on any PC / Windows).

We changed my Apple ID password, everything looked fine until we tried to turn on my iMac (27 inch late 2011)...

We saw this

User uploaded file


After one minute there was this

User uploaded file




No one ever put any password (except the admin / account password, which is not 4 digits). Also, as you can see, there is an email: unlock.device@gmx.com


I tried everything, searching for solutions online and on this forum, and a chat with Apple USA; they couldn't help, so they suggested a call, which I did, and it lasted more than one hour. Then I was redirected to a senior / advanced manager or something similar from Apple in California... and after 3-4 hours my iMac is still locked.


I will try to explain everything that we tried (me and Apple support) over those 3-4 hours (chat with one operator, call from another operator and then call from senior advanced support). An email was sent to that address left under the code... I got this:


unlock.device@gmx.com via mout-bounce.gmx.net

4:36 PM (9 hours ago)
to me

Hello!

We've blocked your device. To activate the device you need:
Pay 50$(USD) for a Bitcoin Address: 12yFuEpgnUKN1DCLNbhRPNEBBExJgEixTz
Buy bitcoins online: https://localbitcoins.net
How to buy bitcoins? https://localbitcoins.net/guides/how-to-buy-bitcoins
Inform us about the payment and we will send the passcode.
All your devices will be blocked within 24 hours if not receive payment.

1. PART APPLE SUPPORT CHAT

I explained everything; the operator said that they had never heard about this problem before. We tried to restart the iMac several times, nothing. Since I was able to get to my iCloud account and see my devices including the iMac, we tried to erase it, to lock it again and to play a sound... everything was pending... After 40 minutes the operator suggested a call from someone else since she was not able to help.

2. PART APPLE SUPPORT CALL

I already had my Apple case number. Another person went through the whole chat conversation, said that this is impossible, never heard of before etc... was surprised that I can see and access my Apple account (find my phone, iCloud, basically everything) since it looks like someone got into my account and put my iMac in lost mode.

After more than 40 minutes trying to reset, get into safe mode etc. she said that she needs to speak with her senior advisor (something like that) and that she is not able to help me and I should continue the conversation with him.

3. PART APPLE SUPPORT SENIOR ADVANCED MANAGER

I explained everything from the beginning; he suggested trying the same things, reset, get to safe mode, etc.

It never worked, so we tried to plug the internet cable into the iMac hoping that it would at least show in online mode, but that didn't work out. In the end he suggested to erase my iMac from my iCloud, from my devices, hoping that it would free my device from everything (like when you sell your device) but NOTHING changed the screen and that lock code with that email address. He was so surprised (senior manager) that he asked if we have some small kids or anyone else that could do / type something by accident, since he could not believe that someone hacked my Apple ID and that they did not change my password. And then I said that we don't have kids, and that even if I (or anyone from our family) was sleepwalking, crazy or whatever, how and why would anyone leave that email asking for 50$ worth of bitcoins????

He didn't have answers, checked official Apple stores close to me and realized that since I am living in Serbia, the closest Apple store is in Croatia (also Serbia is not listed on Apple forums, and we can not use 2 authentication security). So I should try to contact the official reseller / dealer in Serbia tomorrow and see what happens next.

I think this is a serious problem with Apple; all of them said that they never heard about it before but I can see other similar posts for different devices on this forum... and that is also confusing... I have no idea what to do next.

I'll call the official reseller tomorrow and will update this thread...

If anyone has any suggestions I would be happy to try anything... tnx


iMac, macOS Sierra (10.12.6)

Posted on Aug 13, 2017 5:37 PM

37 replies

Aug 13, 2017 6:53 PM in response to JelenaI

The best solution is (from If you lost or forgot your firmware password - Apple Support)


If you forget your firmware password

If you can't remember the password you set using the Firmware Password Utility or Find My Mac, schedule a service appointment with an Apple Retail Store or Apple Authorized Service Provider. Bring your proof of purchase (original receipt or invoice) with you. If you plan to visit an Apple Retail Store, make a reservation (available only in some countries).

Apple Technical Support may not be able to help you any further.

Aug 16, 2017 6:06 PM in response to JelenaI

This has been a horrifyingly informative thread! It appears that Apple policy may be to only accept Proof of Purchase issued by an Apple Authorized reseller. Apple - Support - Help - Proof of Purchase


My only suggestion would be to try escalating until you reach someone who can make an exception. If your iMac appears under 'Devices' when you log in to manage your Apple ID (https://appleid.apple.com/#!&page=signin) you could try showing that to the Apple store / service provider as your proof of ownership.


See also Loner T's suggestion.

Aug 16, 2017 6:25 PM in response to JelenaI

The proof of employment and the photocopy of the Studio receipt help you establish the chain of ownership. The iMac has a serial number on its rear panel - Identify your iMac - Apple Support. The purpose of Find My Mac and associated iCloud offerings is for the actual owner to manage the safety of the Apple device.


The Apple ID password is an individual's responsibility. You can publish your Apple ID password on the public internet and Apple will not stop you from such a decision. On ASC, I always ask users not to post the serial number of their devices so it is kept safe with the legitimate owner.

Aug 13, 2017 5:58 PM in response to Loner T

I don't have any other operating system; actually it happened just less than 48 hours after I reset and installed the latest Sierra on my iMac (it was a bit slow). The iMac was basically clean from everything, I just installed Adobe and that was it, didn't have a chance to install anything else... I'll try that; so far I tried similar things with Apple support.

Aug 13, 2017 6:44 PM in response to Loner T

I know.... I logged in to my iCloud and I changed my password and I was able to erase, lock and play sound to my device but not to turn off lost mode... In the end Apple support suggested to erase the iMac from my devices but nothing changed... I tried to use the cable for the internet but it looks like this thing (locked screen) is before the moment when your device (or just iMac) is able to get in online mode... officially my device that hasn't moved an inch is in lost mode, and I can't force it to get "online", connect to Wi-Fi to show its location (hear the sound, erase it etc.)... I mean let's be real, it is an old device from 2011, no one ever asked about it before, I got it a long time ago, I've used it for many years (must be 5-6) and then it is locked and I cannot change it??!!! Sorry, I know it is not your fault and I know that there are many reasons why Apple invented iCloud and all this, but if it is not helping the users, and if you don't know what it is, and in my case it is clear that some sort of mafia, pirates wants my money to unlock my device, it is crazy, and it has to make you angry.

Aug 13, 2017 6:53 PM in response to JelenaI

Your iCloud account was compromised because you did not secure it properly and/or you responded to a phishing attempt, resulting in your devices being locked and held for ransom. Apple will be happy to help if you can provide proof of purchase for the devices. If you can't provide the original proof of purchase, you're out of luck. Learn a lesson in securing your accounts from this.

Aug 13, 2017 6:59 PM in response to KiltedTim

I already said, it would be OK, normal and anything in case that this lock on my iMac does not have an email address that actually wants bitcoins?!!! If it was anything else like an email from someone, or a phone number from any country it would be fine (like after 6 years you want your iMac back even if you sold it) but this is not a person, this is something else. And as I can remember Apple has all the information within the serial numbers (at least for the mobile devices) so they know when and where it was purchased etc... This is not the case, this is something completely else... and I guess that not many people have the original proof of purchase after 6 years.

Aug 13, 2017 7:05 PM in response to Loner T

Well, they are frustrated because they can't deal with those people... wow, someone actually hacked you and your system and who will suffer? Ohh, average Joe will suffer... this is not about me or my old iMac; I have more devices, I have newer devices, my husband just got the latest MacBook Pro and iPhone 7; it can happen to anyone...

And my country does not have an official Apple store, my country is not listed for support and I am forced to use Apple ID and to create my Apple ID from some other country, and at the same time they have official resellers, dealers etc. in my country... and you can get a device officially through our mobile operators... this is insane!

Aug 14, 2017 6:23 PM in response to JelenaI

You have every right to be upset....ironically, this same exact thing happened to me last night as well. Someone in Kalunga, Russia signed in on a PC to my iCloud account and locked my iPad, iPhone, and MacBook Pro. I was able to get back into my iPad and iPhone when I woke up and after researching this all day I believe it's because I had a PIN code set up for those devices. The firmware passcode needed to unlock my MacBook Pro is another matter. I have the same exact message telling me to email that address. I did so (without including any information in the email body) and then received an identical message to the one you received, down to the Bitcoin address. Obviously it's the same person who did this to us, and on the same day. It happened during the night for me too (but I'm in the US so different time zones) and the message on my iPhone this morning when I woke up said my account was accessed at 3am. I do have the 2 factor authorization feature set up and it still happened to me! I called Apple support and they had never heard of it either....it blows my mind. I made an appointment at my local Apple Store to have them help me access my MacBook again....luckily I bought my MacBook online and the receipt was emailed to me, or I'd be screwed like a lot of the people I've seen online who threw out their 3 or 4 year old paper receipt and don't have proof of ownership. It's insane though that it's their own "Find My" feature that's causing this problem and they won't acknowledge it. I found articles online discussing how Apple received word earlier this year that some criminals had somehow accessed millions of iCloud usernames and passwords. Apple was asked by these criminals to pay a ransom and Apple didn't. Which they shouldn't have, obviously, but they should have sent an email or some type of notification out to every iCloud account holder telling them of this possible breach and to change their passwords ASAP.
I don't regularly check Apple or Mac websites (most people don't) so even if they had put a message on some remote web page of theirs about this issue, I never would have seen it. Maybe it's not Apple's fault that iCloud accounts were compromised (which is debatable) but they should have taken steps to prevent this ransom hijacking from occurring....and they did NOTHING! I wish I had more of a voice and could tell people about this, but I don't really think there's much I can do about it. I never reply to or comment on this kind of stuff but considering how mad I am and the fact that the exact same thing happened to both of us within the same 24 hour time frame, I felt compelled to respond. Maybe this thread will help protect other people. But don't listen to some other posters; you have every right to be upset. Tomorrow, after my appointment at the Apple Store, I'll post on this thread again if they fix it and it's a fix that I can convey to you easily. Otherwise, good luck!

Aug 16, 2017 11:21 AM in response to JelenaI

J, any luck on this? I got hit Tuesday early AM. Apple was no help since it is on a Late 2009 iMac. I have two iPhone 7s, an iPad and Apple TV, yet no help cause my iMac is a bit older. Not an issue that stemmed from my iMac, yet a hack into Apple IDs that I think Apple should honor regardless.


Any info would be appreciated.


Thanks
