How to Remove Mac Ransomware SOLVED (Padlock Icon Lock)

This article was created to help you remove the lockscreen Mac ransomware that uses e-mail to extort victims into paying in Bitcoin.

A new ransomware of the lockscreen type for Apple MacBooks has appeared in the wild. The virus does not have a particular name, but it uses sophisticated scripts to lock you out of your MacBook, after which it asks victims to enter a 4-digit code in order to unlock their Mac. The good news is that the 4-digit PIN can be cracked, as @denichodev (Deni Cho) explains on Twitter. Read this article to learn how to unlock your MacBook without having to pay any ransom to the cyber-criminals behind Mac Ransomware.

Threat Summary

Name: Padlock Mac Ransomware
Type: Ransomware, Lockscreen
Short Description: After encryption, locks MacBook users out of their devices by setting a hidden 4-digit PIN code.
Symptoms: Attacks the login settings of the infected MacBook, after which it sets a black and white lockscreen with a white padlock and a place to enter a custom PIN code. Asks to contact
Distribution Method: Spam Emails, Email Attachments, Executable files

How Does Mac Ransomware Infect

The infection process of Mac ransomware is conducted via multiple methods involving two main types of infection objects: malicious files and malicious web links. The malicious files may actually be installation files for apps downloaded from the Apple App Store. Such apps may have malicious functions that may bypass the sandboxing protection and drop and install custom files, similar to the malware upload and download scheme for fake applications containing WireLurker ransomware below:

Another method is for the app to be delivered through a web link sent to users via chat services, e-mail or another form of communication. Such web links may also appear if you have adware that generates pop-ups in your Safari web browser. Such apps are generally considered to be safe, but some of them may cause a redirect to a dangerous third-party website.

Analysis of Mac Ransomware

Once the Mac “Padlock” ransomware slithers onto your computer, it may extract files and hide them within your MacBook. After doing so, the virus may modify components of the login segment of macOS, resulting in the following lock screen being displayed:

Image Source: Deni Cho Twitter Account (@denichodev)

From there, the virus asks the victim to contact a so-called “Apple Help” e-mail address, and when this is done, the following message was reported to be sent by the cyber-criminals:

“Your device is locked. To activate your device:
Pay 50$ to the Bitcoin Address: 1AQtRCX15YrXzPUZic7FbMotrqLemzjnRi
Buy bitcoins online: coinbase . com
Purchase bitcoins through a debit or credit card for buying bitcoins.
Register on the site.
After payment we send you a password immediately.
If you do not receive payment within 24 hours, the amount will be increased to 150$.”

Thankfully the code of this virus can be bruteforced manually, so keep reading to learn how to do it and unlock your computer for free.

How to Unlock Your MacBook from Padlock Mac Ransomware

Since the code is reported to be a 4-digit code, the lock can be bruteforced by simply entering every possible combination from 0000 to 9999. However, the malware may lock your computer for 60 minutes if you are not careful. The user Deni Cho managed to unlock his MacBook with the code 9169, but he had to try each combination; he later identified that this virus can also be bruteforced. He asks users to send him a private message on his Twitter account to learn how to bruteforce this screen and to get answers to any questions about this virus.

If you manage to unlock your computer, we strongly advise you to put all your files in the cloud and change all of your passwords. If possible, it is recommended to copy the files to an external HDD and reinstall the Mac (factory reset it) to get rid of this threat after you have unlocked it with the code.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for the discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
