3

I was away on business and on returning found my MacBook Pro at home locked out. Turns out someone hacked my Apple ID, which I was able to recover, but I don't know the PIN. It shows a message in a weird language with an email address of [email protected]

I have my iCloud access restored now and also have my Macbook with me so how the heck do I unlock my Macbook Pro?

I do have my Macbook backed up on Time Machine as well but I don't know if locking messes up my Time Machine backup too.

BTW, the hacker tried to lock my other MacBook Pro as well, which I was carrying, but that one is showing the lock as pending. How can I cancel that lock as well?

Please help!

Following is the message I received from sending email to the above email address (it is translated by google mail).

IMPORTANT: All dialogue and access only to that address [email protected] (the post office where you received this note is not to answer!)

Your device is locked. Multiple password will lead to complete failure of the device for a day or more. Account Access apple id changed, with the full payment of all "active" devices, you will receive a new password, and new mail on your Apple account. Possible partial payment (for more details in the paragraph "Guarantees (payment phase)." If you ignore and do not pay at least one device, all your data will be deleted from the device, the phone switches to "Activation" (request to enter the mail and password appleid and welcome screen). P .S. With difficulty paying within 3 days, please let us know what to avoid erasing your devices.

Unlocking takes 30-60 minutes. The cost depends on the number of devices that are linked to your Apple ID devices (iPhone, iPod, iPad): - 1 device - 1000 rubles. - 2 devices - 1600 rub. - 3 or more - 750 rubles per 1 unit. * * (3 2250rub device = 4 = 3000rub devices and so on.) For devices (MacBook, iMac): - 1 device - 2000 rubles. - 2 devices - 3000 rubles. - 3 or more - 900 rubles per 1 unit from the category MacBook, iMac.

In the case of your account on the device iPhone / iPod / iPad and Mackook / iMac - the amount is added according to the count of devices in each price list. (For example: You have 2 1 iPhone and MacBook. Amount (2 devices - 1600 rub. +1 Device - 2000 rubles. = 3600 rubles).

Guarantees (payment phase): If you have a Apple ID attached 2 or more devices for the 1st of them need to enter a 4 - 6-digit password (no password for Apple ID), you can pay first for one unit of 1000 rubles. And get the unlock code . Ensure the integrity, pay for the next (+ 600 rub. For the second unit, 2250-1600 rubles. = 650 rubles. For the third, and other devices). The number of units and the presence of a code on your device can be found by writing to the e-mail published in the beginning of the letter.

Payment options and instructions:

10% discount when paying BITCOIN: -1. Payment cryptocurrency Bitcoin Pay simply and quickly (without registration / verification, etc.) as follows: --- -I- A terminal site Indacoin https://ru.indacoin.io/change Bitcoin purchase immediately. Payment Options through the terminals RF is taken from the site: You can pay the bill in either the payment terminal or interior relations of Russia (Euroset, Messenger, JCB, Comepay, Novoplat et al.) - -II- Via Visa / MasterCard, or EPS, etc. can be performed automatically through Instant exchange https://jetchange.com/

-2. Russian MTS (mts.ru). Adding to the number issued to you (approx. 791 * - *** - ** - **) Russian mobile operator MTS. In case of problems with this payment (the location is not in the territory of the Russian Federation, the lack of terminals MTS Russia in your city), write to the postal address given for the answer at the beginning of the letter. -3. Payment by credit card or replenishment through the terminal Eleksnett. Read more on the website: https://elecsnet.ru

After receipt of money to the purse, you get paid for your access and unlock codes for 20-60 minutes. If you agree, then forward the application to the address [email protected] showing your Apple ID (the account on the device) and the text: "I agree to pay (Bitcoin / MTS / on Elecsnet-bank card)." After clarification of your questions (if present) - get details and the amount to pay.

IMPORTANT: If you do not know how to pay or have any other questions, please contact! (Check the folder "Spam")

3
  • 1
    Your machine has been infected with ransomware. The language is Russian. Your computer is blocked and you must send an email to that address to unblock your computer. I do not recommend sending an email, though, to unblock your computer. Can you boot the computer in safe mode (hold down Shift whilst booting)?
    – IconDaemon
    Commented Nov 7, 2015 at 16:22
  • Safe mode doesn't help either. I don't know if it is ransomware, as it looks like the hacker had reset my password in iCloud and added their email to it.
    – Gary
    Commented Nov 7, 2015 at 17:10
  • The email reply is proof your Mac has been compromised. The attacker most likely had root access to your Mac and was able to wreak havoc with iCloud and has access to everything on your Mac. If you stored credit card numbers or passwords to banking sites, you may be open to identity theft and other nasty things. Take appropriate action NOW to avoid more pain.
    – IconDaemon
    Commented Nov 7, 2015 at 17:57

3 Answers

4

Based on IconDaemon's response, I removed the RAM and pressed cmd+option+P+R to reset the firmware password and rebooting back resolved this issue (since I had recovered my iCloud account and reset the password).

0
1

This may not be a complete answer, but off the top of my head, I would turn the Macbook off, then turn it back on while holding down Cmd+R to boot into Recovery Mode. Then open a terminal window, and as long as FileVault isn't turned on, you can change the password for any user using the single command resetpassword (which I personally feel is incredibly insecure, but that's beside the point).

Then, restart normally, log in as the user with the new password, and completely disable iCloud, or if you have the service secured now with an updated password, everything should be fine. Just to be safe, I would remove your iCloud account and then re-add it. That may be over-doing it, but it's just what I would do if it were me.

If worse comes to worst, just reboot into Recovery Mode holding Cmd+R (as stated above) and do a restore from your latest Time Machine backup.

If you have iCloud access securely restored as you said, there may be a way to unlock remotely using FindMyiPhone (which also registers other devices) if that option is enabled on the computers you wish to unlock.

6
  • I do have FileVault enabled for security and I don't see any option in iCloud to unlock any device on web as well as iOS interface for Find my iPhone.
    – Gary
    Commented Nov 7, 2015 at 15:53
  • cmd+R option brings up a lock screen but I don't even remember what password it is asking for.
    – Gary
    Commented Nov 7, 2015 at 15:57
  • Open a root Terminal via the Cmd+R method as stated in my answer (it should be asking you for your normal user password) and run the command fdesetup disable to disable FileVault, and then run through the steps in my answer. Keep in mind, depending on the size of your drive, FileVault decryption could take DAYS. I had to do this recently in order to solve some problems with a Mac Mini server, and it literally took 3 days to decrypt. I really hope someone posts a better answer than this, but these would be the steps that I would take if it were me.
    Commented Nov 7, 2015 at 16:05
  • Unfortunately, cmd+R option is showing password lock for Mac firmware password which I don't know either. This is a company macbook bought in 2010 after which the company got bought by another company and most of their IT staff is laid off.
    – Gary
    Commented Nov 7, 2015 at 16:24
  • 2
    In the past, changing the amount (increase or decrease) of RAM installed in a Mac would bypass Open Firmware on the next boot, if you can get into the MacBook to begin with, that is.
    – IconDaemon
    Commented Nov 7, 2015 at 18:06
1

The same problem happened to me a couple of days ago. But finally I was lucky and now my iMac, iPhone and iPad are unlocked and safe.

Here is my story (use Google Translate or Google Chrome to read this in English): http://serdeles.livejournal.com/636852.html

If the hackers didn't change the password to your ID, it is cool. If they did, it's sad. At first I thought they had changed my password and deleted my ID, because when I tried to log in to my Apple ID I was notified that there is no such Apple ID. But then I noticed an unknown ID in my iPad settings. Not mine. I used this ID as the login with my password. This trick helped. I changed my ID back. I logged in to iCloud and turned off the Lost devices mode.

Good luck! Hope this information is useful.

0
