Quanta Computer Inc., a primary supplier of Apple Inc. products, has revealed that it suffered a massive ransomware attack carried out by the REvil ransomware group. The attackers are now demanding a $50 million ransom from the victim brand in exchange for not leaking sensitive files on the darknet.
The threat actors published a post on their deep web portal, “Happy Blog”, stating that they possessed schematics of the U.S. company’s products, including the Apple Watch and MacBooks. The laptop schematics comprised 21 images (screenshots) detailing the internals of the newest MacBook designs, dated as recently as March 2021.
“On the right side of the machine, there’s a visible HDMI port, accompanied by a USB-C/Thunderbolt port and followed by an SD Card reader. The left side features two additional USB-C/Thunderbolt ports and a MagSafe charging slot, for a total of three USB-C/Thunderbolt ports instead of four as we have today”, Macrumors stated of their findings.
The site also notes that the leaked images of the upcoming MacBook Pro circulating on Twitter indicate that the new device will not have a Touch Bar.
The attackers carried out the attack by infiltrating the Taiwanese manufacturer’s network, and claimed that they were directing the ransom demand at Apple. Quanta, however, expressed no interest in paying the ransom to recover the stolen blueprints.
“Our team is negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands,” the REvil operators said. “We recommend that Apple buy back the available data by May 1.”
Apple appears not to be the only company affected by the breach. The REvil group has also listed other Quanta customers, such as:
- Alienware Inc.
- Amazon.com Inc.
- Blackberry Ltd.
- Cisco Systems Inc.
- Fujitsu Ltd.
- Hewlett-Packard Inc.
- Lenovo Group Ltd.
- LG Electronics Inc.
- Microsoft Corp.
- Sharp Corp.
- Siemens AG
- Sony Group Corp.
- Sun Microsystems Inc.
- Toshiba Corp.
- Verizon Wireless
- Vizio Inc.
The REvil ransomware, also known as Sodinokibi or Sodin, was first discovered in June 2019. Since then, it has emerged as one of the most prolific Ransomware-as-a-Service (RaaS) groups. The gang was the first to adopt the “double-extortion” technique, which other ransomware groups have since adopted to maximize their chances of turning a profit.
The strategy pressures victim companies to pay the ransom by publishing a small sample of stolen files. The attackers exfiltrate these files from the target before encrypting its data and then threaten to release even more. They typically state that if the ransom is not paid by the given deadline, the data will be made public.
Unknown (aka UNKN) is the main figure associated with promoting and advertising REvil ransomware on Russian-language cybercrime forums. The ransomware operates as an affiliate service that recruits threat actors to spread the malware by breaching victims’ corporate networks, while the core developers maintain the malware and the payment infrastructure. Under this arrangement, affiliates receive 60%-70% of the ransom payments.
In 2020, ransomware operators netted over $350 million, a 311% increase over the previous year, according to statistics from the blockchain analysis company Chainalysis.
The Quanta attack also marks a new twist on the double extortion method: the ransomware cartel goes after a victim’s customers after an unsuccessful attempt to negotiate a ransom with the primary victim.
“This is a new approach in the double extortion name-and-shame technique, where the threat actor engages with the affected third parties after the unsuccessful attempt to negotiate ransom with the primary victim,” Dmitry Smilyanets, threat intelligence analyst at Recorded Future, told The Record.
Quanta has been contacted for comment on the attack but has not yet responded.
In a statement shared with Bloomberg, the company said it was working with external IT professionals in response to the “cyber attacks on a small number of Quanta servers”, and added that there was no material impact on its business operations.