Apple Menaced After REvil Ransomware Attack Against Supplier
‘Quanta [an Apple supplier] has made it clear to us that it does not care about the data of its customers and employees, thereby allowing the publication and sale of all data we have,’ REvil wrote in a ransom note.
The REvil ransomware gang has stolen product blueprints from Apple supplier Quanta Computer and is threatening to leak the files if Apple doesn’t pay a ransom
REvil posted an extortion letter to Apple as well as some sample technical files on their dark web leak site, according to screenshots viewed by CRN. The hackers want Apple to pay up by May 1 to prevent its stolen data from being leaked, adding that they are “negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands.”
“Quanta has made it clear to us that it does not care about the data of its customers and employees, thereby allowing the publication and sale of all data we have,” REvil wrote in its ransom note. “More and more files will be added every day.”
[Related: REvil Ransomware Targets Acer’s Microsoft Exchange Server: Source]
Quanta acknowledged “cyber attacks on a small number of Quanta servers,” but said there hasn’t been any material impact on the company’s business operation, according to a statement posted to the company’s website. Quanta said it has ensured that the containment and recovery of data are in process, and that the small range of services impacted by the attacks were brought back to normal.
“We’ve reported to and kept seamless communications with the relevant law enforcement and data protection authorities concerning the recent abnormal activities observed,” Quanta wrote in its statement. “We upgraded the level of cybersecurity by reviewing and enhancing current infrastructure for information security and protection.”
Apple didn’t immediately respond to a CRN request for comment, and declined to comment to NBC News on whether it intended to pay the ransom. Quanta refused to communicate with REvil or pay the ransom demand after the ransomware group allegedly stole “a lot of confidential data” from Quanta’s network, BleepingComputer reported. Quanta makes the Apple Watch, MacBook Air and MacBook Pro.
REvil is demanding a $50 million ransom if Quanta pays by April 27, after which point the ransom would double to $100 million, according to a Tor payment page shared with BleepingComputer. So far, REvil has leaked more than a dozen schematics and diagrams of MacBook components on its dark web leak site, though BleepingComputer said there’s no indication that any of them are for new Apple products.
In a negotiation chat on REvil’s payment site seen by BleepingComputer, REvil warned that “drawings of all Apple devices and all personal data of employees and customers will be published with subsequent sale” if Quanta didn’t begin negotiating a ransom. After that time frame expired, BleepingComputer reported that REvil published the MacBook schematics to its data leak site.
Threat actors are no longer content with just threatening to release exfiltrated data, according to Brett Callow, a threat analyst with New Zealand-based Emsisoft. Instead, Callow said they use the stolen data to contact customers, for spear phishing attacks, and even to extort money from a third-party whose data was exposed.
"This broadening in scope was a logical progress as, obviously, it provides the actors with opportunities to monetize each attack," Callow said. "And potentially to extort more money as the customers may be bigger, and better insured, than the targeted company."
Customers of Quanta include Amazon, Apple, Cisco, Dell, Hewlett-Packard, Lenovo and Microsoft, according to REvil’s ransom note. Quanta is the world’s second-largest original design manufacturer of laptops based on the number of ODM laptop units sold, behind only Compal, who was also targeted by ransomware in 2020, BleepingComputer reported.
The extortion attempts against Apple come a month after REvil targeted a Microsoft Exchange server on Taiwanese PC giant Acer’s domain. REvil claimed on their leak site March 18 that they had broken into and stolen Acer’s unencrypted data, with the ransomware group demanding a $50 million ransom, LeMagIT reported March 19.