Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

TorTor24

macrumors newbie
Original poster
Nov 7, 2017
3
0
I have a 2011 iMac that was of course working just fine. I got an alert it had been locked with my iCloud so powered up, and on the screen it says disabled try again in 60 minutes and has a fake email at the bottom to email if I can't get the iCloud unlock password. According to Apple, my iMac is not in fact locked by iCloud so I can only assume this is a fake screen especially since it's got a fake email at the bottom and no place for me to actually enter the password.

I tried resetting SMC/NVRAM and this enables a firmware lock screen which I've never setup
I can pull the RAM and remove it and it goes back to the faux iCloud screen but any action I take results in the Firmware lock screen.
Can't boot into recovery, can't select startup disk to remote reset with Target Disk from another Mac
can't start in Single User mode- NOTHING WORKS!
PLEASE HELP!!!
Apple won't help because I can't get proof of purchase from Best Buy since it's more than 5 years old.
 

Attachments

  • 23423605_10159553974775026_1311716079_o.jpg
    23423605_10159553974775026_1311716079_o.jpg
    1.1 MB · Views: 433
"I have a 2011 iMac that was of course working just fine. I got an alert it had been locked with my iCloud so powered up, and on the screen it says disabled try again in 60 minutes and has a fake email at the bottom to email if I can't get the iCloud unlock password. According to Apple, my iMac is not in fact locked by iCloud so I can only assume this is a fake screen especially since it's got a fake email at the bottom and no place for me to actually enter the password."

Sounds to me like you've been hit by some version of the iCloud/ransomware/cryptolock scheme that has emerged recently.

I believe the way it works is that someone hacks into your iCloud account, then uses it to set a firmware password on the Mac, then posts with it an email address to which you can send a ransom payment -- after which the scammer will then unlock the account (or something to that effect).

Here are some links to read up on:
https://discussions.apple.com/thread/8038812?start=0&tstart=0
https://www.macworld.co.uk/how-to/mac/how-remove-mac-ransomware-3659100/
https://forums.macrumors.com/threads/possible-ransomware.2044306/
https://security.stackexchange.com/questions/166425/macos-ransomware-with-efi-lock
https://community.spiceworks.com/topic/2033185-macbook-pro-ransomware
(there are numerous others)

The "free way" to solve this:
You have to take the affected Mac to an Apple store (I don't think that 3rd-party providers can do this), along with proof-of-purchase, and then they'll do some routine on it that resets the firmware password, after which you can get back into it again.
THEY WILL NOT DO THIS UNLESS YOU HAVE PROOF OF OWNERSHIP -- BILL OF SALE, INVOICE, ETC. (shouting intentional).

If you DON'T have the original bill of sale or invoice, you're going to have to find some "non-approved" way to get it done.

OOPS -- just saw what you posted:
"Apple won't help because I can't get proof of purchase from Best Buy since it's more than 5 years old."

There are folks on ebay who sell solutions to this.
I have NO experience with them, just know that they are there.
Whether this route can be of use to you, you'll have to investigate yourself.
Edit:
I just looked on eBay and see offers to reset the firmware for iMacs running in the $150-200 range. Some technical knowledge on your part is required.

You can offer to pay the ransom, but there's no guarantee that after you've paid, you're going to be given a solution to "get back". The scammer may take your money, give you a reset code (if that's the way they do it), and then... the reset code won't work. You'll be out of your money AND your data. My recommendation is: don't pay.

Other than that, the only other things I can think of that might work is to replace the iMac's motherboard with a non-locked one.
Or, perhaps it's time to look for another Mac.
Hope you have a backup.

If it was me -- and if I had a backup (which I do) -- and if it was going to cost more than, say, $200 to "fix" it -- I think I'd be shopping for another Mac.

Sorry this had to happen to you.

It's just one more reason why I don't use iCloud.
Never have logged into it, ever.
Never will.
 
Last edited:
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.