Ransomware Kalunga Russia iCloud Hack

Discussion in 'Mac Basics and Help' started by Southern Dad, Aug 15, 2017.

  1. Southern Dad macrumors 65816

    Southern Dad

    Joined:
    May 23, 2010
    Location:
    Georgia
    #1
    I have been using Apple products for a long time. In all those years, I have never had a malware issue. That all changed last night. I do have two-factor authentication turned on for my Apple ID. A pop-up appeared on my iPhone 7 Plus: a request for two-factor authentication from Kalunga, Russia. Obviously, I quickly clicked Deny. Then my iPhone 7 Plus and iPad Pro both went into Lost Mode. When I fired up my MacBook Pro, what do I see? Yes, that wonderful Firmware Lock screen that you enable with Lost Mode, asking for my six-digit code. Of course, it has the email address "unlock.device@gmx.com" to send an email to. Not going to happen.

    A little research and I find out that this has been going on for a few weeks. It also did not take long to figure out that the only solution to this was a trip to the Apple Store Genius Bar. When I contacted Apple Support, they told me that they would be glad to set the appointment up for Saturday, September 26th! Really? That's the best that they can do? Luckily, the Apple Store at Mall of Georgia has walk-in appointments. I will just have to endure the wait.

    Ransomware Kalunga Russia iCloud Hack is the name of this. I have linked the Apple Support thread. If you have an older Apple product there are solutions that work. But if you have a late model MacBook Pro, you will be going to the Genius Bar. You will also need proof of ownership. This is the order where you purchased your MacBook. I know, what about people who bought it used?

    Is anyone else having this issue? How did you deal with it? Did you have to break out the passport for a quick trip to Kalunga, Russia?
     
  2. Rok73 macrumors 65816

    Rok73

    Joined:
    Apr 21, 2015
    Location:
    Planet Earth
    #2
    Well, the only way to deal with it is to get in touch with Apple Support with a proof of purchase. What other way would there be?

    However, despite you having 2FA turned on, those Russian guys must have gotten hold of your login credentials through phishing, i.e. there is no other way, because Apple's customer data hasn't been "hacked" or something.
     
  3. vkd Suspended

    vkd

    Joined:
    Sep 10, 2012
    #3
    I need a new sofa, laresangel357, can you hack one for me?
     
  4. Southern Dad thread starter macrumors 65816

    Southern Dad

    Joined:
    May 23, 2010
    Location:
    Georgia
    #4
    It is possible that the Russians were able to phish the username and password. I haven't traveled to Russia any time recently and I have not actually logged into anything using my Apple username and password in at least a month or more. The email account is actually different and only used for Apple as is the password.
     
  5. Fishrrman macrumors G4

    Joined:
    Feb 20, 2009
    #5
    Does one have to be an iCloud user to "get bitten" by this?

    I ask because I have no iOS devices and have NEVER once signed into iCloud.

    I really don't have any use for it, and will probably never use it in the future.

    Can they hack you "through iCloud" if you don't have an account there?
     
  6. Southern Dad thread starter macrumors 65816

    Southern Dad

    Joined:
    May 23, 2010
    Location:
    Georgia
    #6
    70 minutes... Mall of Georgia - Apple Store rocks.
     
  7. Southern Dad thread starter macrumors 65816

    Southern Dad

    Joined:
    May 23, 2010
    Location:
    Georgia
    #7
    While not an expert, I think you could be safe.
     
  8. BrianBaughn macrumors 601

    BrianBaughn

    Joined:
    Feb 13, 2011
    Location:
    Baltimore, Maryland
  9. Southern Dad thread starter macrumors 65816

    Southern Dad

    Joined:
    May 23, 2010
    Location:
    Georgia
    #9
    I don't have Handbrake, at all. But the positive thing is that I lost no data. The Genius just booted the MacBook Pro to show the hash mark. Then he went into chat with someone and they gave him what he needed to make a USB drive to remove the Firmware Password.
     
  10. Michaelgtrusa macrumors 604

    Michaelgtrusa

    Joined:
    Oct 13, 2008
    Location:
    Everywhere And Nowhere
    #10
    Glad to hear this is all cleared up. Thanks for the heads up.
     
  11. Southern Dad thread starter macrumors 65816

    Southern Dad

    Joined:
    May 23, 2010
    Location:
    Georgia
    #11
    The biggest key that I learned was that it is important to keep your proof that you are the original purchaser of the equipment. If I had not been able to produce that order/receipt, I would have had a nice silver paperweight.
     
  12. Bahamut Eos macrumors member

    Bahamut Eos

    Joined:
    Mar 29, 2008
    Location:
    Los Angeles
    #12
    You are not the only one. I started a thread here a few days ago that this happened to me as well. Details are almost identical, only I didn't have 2FA set up beforehand. I do now, but I'm hearing this still happened to a lot of people who had it set up.


    https://forums.macrumors.com/threads/icloud-being-hacked-in-progress.2061279/

    Here is another Apple Support page where it's happening to many other people. People who also say they had 2FA set up. I think Apple has been compromised, and the hackers are rolling this out slowly to test it out.

    https://discussions.apple.com/message/32066655#32066655
     
  13. ApfelKuchen macrumors 68030

    Joined:
    Aug 28, 2012
    Location:
    Between the coasts
    #13
    Not compromised. The explanation is right there in that Apple discussion. You can enable Lost Mode without a 2FA verification code, just the Apple ID and password. This is a feature, not a bug.

    If a 2FA verification code was required to enable Lost Mode, a person might not be able to enable Lost Mode at all - iPhones are often a person's only 2FA trusted device, their iPhone phone number their only trusted phone number.

    I can see how Apple may have to tighten up the process (perhaps allowing no-authentication code when there's only one trusted device and/or one trusted phone number, but requiring the code if there are multiple devices/phone numbers), but that's just off the top of my head. I leave it to the people at Apple who work on this issue full-time to come up with the right answer.
     
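The rule sketched in the post above (password alone enables Lost Mode today; a tightened policy would demand a verification code only when the account has more than one trusted device or phone number) can be written down as a small authorization check. The following is an added, hypothetical model, not Apple's code or anything from the thread; the account records, phone numbers and policy names are constructed for illustration.

```python
"""Toy model of the Lost Mode step-up rule discussed in the thread.

Hypothetical policy code (not Apple's): it decides whether enabling Lost Mode
should be accepted with Apple ID + password alone, or whether a 2FA
verification code must also be presented.
"""
from dataclasses import dataclass, field
from typing import List


@dataclass
class Account:
    apple_id: str
    trusted_devices: List[str] = field(default_factory=list)
    trusted_phone_numbers: List[str] = field(default_factory=list)


@dataclass
class LostModeRequest:
    account: Account
    password_ok: bool           # Apple ID + password were accepted
    verification_code_ok: bool  # a valid 2FA code was also presented


@dataclass
class Decision:
    allowed: bool
    reason: str


def password_only_policy(req: LostModeRequest) -> Decision:
    """The behaviour described in the thread: a password alone enables Lost Mode,
    so a phished or stolen password is enough to lock every device."""
    if not req.password_ok:
        return Decision(False, "bad credentials")
    return Decision(True, "password accepted; no second factor required")


def step_up_policy(req: LostModeRequest) -> Decision:
    """The tightened rule proposed in the post: require a verification code only
    when the account has more than one trusted device or phone number, so a user
    whose sole trusted device is the lost iPhone is not locked out of Lost Mode."""
    if not req.password_ok:
        return Decision(False, "bad credentials")
    acct = req.account
    multiple_factors = (len(acct.trusted_devices) > 1
                        or len(acct.trusted_phone_numbers) > 1)
    if not multiple_factors:
        return Decision(True, "single trusted factor; password suffices")
    if req.verification_code_ok:
        return Decision(True, "password plus verification code")
    return Decision(False, "verification code required; another trusted device can approve")


# Constructed sample accounts (not real accounts from the thread).
MULTI_DEVICE = Account("user@example.com",
                       ["iPhone 7 Plus", "iPad Pro", "MacBook Pro"], ["+1-555-0100"])
SINGLE_DEVICE = Account("solo@example.com", ["iPhone"], ["+1-555-0101"])


def compare_policies() -> dict:
    """Replay a stolen-password request (no code presented) against each account
    and return (password_only_allowed, step_up_allowed) per account."""
    results = {}
    for name, acct in (("multi", MULTI_DEVICE), ("single", SINGLE_DEVICE)):
        req = LostModeRequest(acct, password_ok=True, verification_code_ok=False)
        results[name] = (password_only_policy(req).allowed, step_up_policy(req).allowed)
    return results


if __name__ == "__main__":
    for name, (old, new) in compare_policies().items():
        print(f"{name}: password-only={old} step-up={new}")
```

Under the current-behaviour policy the multi-device account is locked by a password alone; under the step-up rule that same request is refused, while the single-device user can still enable Lost Mode with just the password, which is exactly the trade-off the post describes.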
  14. Southern Dad thread starter macrumors 65816

    Southern Dad

    Joined:
    May 23, 2010
    Location:
    Georgia
    #14
    Thank you, I will check out the thread. I have changed the password. It's long, it's complicated, and not going to be easily discovered. Even better is that I will not actually use that password except on the rare occasion that I need to use Apple ID.
     
  15. Bahamut Eos macrumors member

    Bahamut Eos

    Joined:
    Mar 29, 2008
    Location:
    Los Angeles
    #15
    I didn't notice it in the thread, but that actually makes a lot of sense. Thanks, I feel a little less nervous, although I'm sad that I don't feel I can trust that feature anymore, at least not on my most time sensitive systems.

    I'm happy but suspicious about why they didn't try to lock me out of the account though. Maybe they couldn't since I clicked Don't Allow....
     