iPhone locked for ransom: how to recover if it's offline?

I'm trying to help a friend who got her iPhone locked for ransom through the "I lost my iPhone" feature. The screen is locked and says "Dlya polucheniya parolya, napishite na e-mail: [email protected]". I got her to change her password and use the "sign out of all browsers" option on AppleID so now she should be the only one with access to it. I thought that was over, but when she accessed the "Lost my iPhone" page to unlock the phone it said "Device is offline". We checked and the iPhone seems to have WiFi off and says "SIM locked" in the status bar, upper left.

I looked around for a solution, but found nothing. I searched for the ransom message on Google (https://www.google.it/search?q=Dlya+polucheniya+parolya%2C+napishite+na+e-mail:+helpicloud3%40gmail.com) and found 3 sites: two in Russian (still have to check them) and one in English (http://kilishek.com/index.php/2016/05/14/friday-13-my-apple-id-was-hacked/), where someone describes the same exact ransom happening the same exact day, but he had no problem recovering the iPhone.

Can someone help me?

Edit: Problem solved: the iPhone's SIM had the PIN activated and this prevented it from connecting to the cloud.


Solution 1:

If this iPhone model has a SIM card, try putting it into another phone/iPhone and disabling the SIM PIN.

On iPhone: Settings -> Phone -> SIM PIN -> disable

Then put the SIM back into your friend's iPhone and reboot it. After the restart, the iPhone should automatically log in to the cellular network and you should be able to disable Lost Mode using the iCloud page.

Maybe your friend should consider using two-factor authentication to add protection to the iCloud account: https://support.apple.com/en-us/HT204915

Solution 2:

Contact Apple. Immediately.

  1. This is probably a security breach of your friend's iCloud account. In order to lock your friend's iPhone, his/her iCloud password is required.
  2. This could either mean that there is a security flaw within iCloud that is not known by Apple and has been exploited or that your friend might have leaked their credentials to a phishing scam.

You can contact Apple support right here: https://getsupport.apple.com

Alternatively, because your friend's phone is being held for ransom, you might want to contact the local police and report a case.

You may want to try SvenS's answer and see if that disables the SIM lock, though I doubt it is the cause of the phone being locked.