iMac locked up like Ft.Knox!

Discussion in 'iMac' started by TorTor24, Nov 7, 2017.

  1. TorTor24 macrumors newbie

    TorTor24

    Joined:
    Nov 7, 2017
    #1
    I have a 2011 iMac that was of course working just fine. I got an alert it had been locked with my iCloud so powered up, and on the screen it says disabled try again in 60 minutes and has a fake email at the bottom to email if I can't get the iCloud unlock password. According to Apple, my iMac is not in fact locked by iCloud so I can only assume this is a fake screen especially since it's got a fake email at the bottom and no place for me to actually enter the password.

    I tried resetting SMC/NVRAM and this enables a firmware lock screen which I've never setup
    I can pull the RAM and remove it and it goes back to the faux iCloud screen but any action I take results in the Firmware lock screen.
    Can't boot into recovery, can't select startup disk to remote reset with Target Disk from another Mac
    can't start in Single User mode- NOTHING WORKS!
    PLEASE HELP!!!
    Apple won't help because I can't get proof of purchase from Best Buy since it's more than 5 years old.
     
  2. nambuccaheadsau macrumors 68000

    nambuccaheadsau

    Joined:
    Oct 19, 2007
    Location:
    Nambucca Heads Australia
    #2
    Do you mean FileVault screen lock, or firmware?
     
  3. TorTor24 thread starter macrumors newbie

    TorTor24

    Joined:
    Nov 7, 2017
    #3
    Firmware
    --- Post Merged, Nov 7, 2017 ---
    This is the initial screen I see but then if I try to boot in recovery or anything else I get the gray screen with the padlock and asks for password
     

    Attached Files:

  4. fusionid macrumors member

    Joined:
    Jul 11, 2015
    #4
    what sounds like a virus of sorts. Yikes, sorry man.
     
  5. TorTor24 thread starter macrumors newbie

    TorTor24

    Joined:
    Nov 7, 2017
    #5
    I was thinking so :/ just can't find a way to boot past it at all or to recovery
     
  6. Fishrrman, Nov 8, 2017
    Last edited: Nov 8, 2017

    Fishrrman macrumors P6

    Fishrrman

    Joined:
    Feb 20, 2009
    #6
    "I have a 2011 iMac that was of course working just fine. I got an alert it had been locked with my iCloud so powered up, and on the screen it says disabled try again in 60 minutes and has a fake email at the bottom to email if I can't get the iCloud unlock password. According to Apple, my iMac is not in fact locked by iCloud so I can only assume this is a fake screen especially since it's got a fake email at the bottom and no place for me to actually enter the password."

    Sounds to me like you've been hit by some version of the iCloud/ransomware/cryptolock scheme that has emerged recently.

    I believe the way it works is that someone hacks into your iCloud account, then uses it to set a firmware password on the Mac, then posts with it an email address to which you can send a ransom payment -- after which the scammer will then unlock the account (or something to that effect).

    Here are some links to read up on:
    https://discussions.apple.com/thread/8038812?start=0&tstart=0
    https://www.macworld.co.uk/how-to/mac/how-remove-mac-ransomware-3659100/
    https://forums.macrumors.com/threads/possible-ransomware.2044306/
    https://security.stackexchange.com/questions/166425/macos-ransomware-with-efi-lock
    https://community.spiceworks.com/topic/2033185-macbook-pro-ransomware
    (there are numerous others)

    The "free way" to solve this:
    You have to take the affected Mac to an Apple store (I don't think that 3rd-party providers can do this), along with proof-of-purchase, and then they'll do some routine on it that resets the firmware password, after which you can get back into it again.
    THEY WILL NOT DO THIS UNLESS YOU HAVE PROOF OF OWNERSHIP -- BILL OF SALE, INVOICE, ETC. (shouting intentional).

    If you DON'T have the original bill of sale or invoice, you're going to have to find some "non-approved" way to get it done.

    OOPS -- just saw what you posted:
    "Apple won't help because I can't get proof of purchase from Best Buy since it's more than 5 years old."

    There are folks on ebay who sell solutions to this.
    I have NO experience with them, just know that they are there.
    Whether this route can be of use to you, you'll have to investigate yourself.
    Edit:
    I just looked on eBay and see offers to reset the firmware for iMacs running in the $150-200 range. Some technical knowledge on your part is required.

    You can offer to pay the ransom, but there's no guarantee that after you've paid, you're going to be given a solution to "get back". The scammer may take your money, give you a reset code (if that's the way they do it), and then... the reset code won't work. You'll be out of your money AND your data. My recommendation is: don't pay.

    Other than that, the only other things I can think of that might work is to replace the iMac's motherboard with a non-locked one.
    Or, perhaps it's time to look for another Mac.
    Hope you have a backup.

    If it was me -- and if I had a backup (which I do) -- and if it was going to cost more than, say, $200 to "fix" it -- I think I'd be shopping for another Mac.

    Sorry this had to happen to you.

    It's just one more reason why I don't use iCloud.
    Never have logged into it, ever.
    Never will.
     

Share This Page

5 November 7, 2017