The REvil ransomware group has claimed another scalp, hitting Taiwanese electronics manufacturer Quanta and threatening to release confidential documents about upcoming Apple products.
Hours before Apple’s latest product launch, REvil posted about the incident on its dark web leak site ‘Happy Blog’ saying it wants Apple to pay a reported US$50 million ransom by 1 May.
"In order not to wait for the upcoming Apple presentations, today we, the REvil group, will provide data on the upcoming releases of the company so beloved by many,” it said.
“[Apple CEO] Tim Cook can say thank you Quanta.”
The statement was followed by screenshots of detailed schematics for building Apple MacBooks, displays, and keyboards.
A handful of files were subsequently published on the leak site, including a PDF of what appears to be a MacBook circuit board attributed to senior Apple designer John Andreadis and dated March 9, 2021.
REvil said it is already in the process of off-loading the stolen data.
“Our team is negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands,” it said.
Apple has not yet publicly responded to the incident.
Quanta said in a statement to Bloomberg that it has responded to a cyber attack “on a small number” of servers.
“We’ve reported to and kept seamless communications with the relevant law enforcement and data protection authorities concerning recent abnormal activities observed,” Quanta said.
“There’s no material impact on the company’s business operation.”
Denis Legezo, a senior security researcher at cyber firm Kaspersky, said there was little companies like Apple could do to mitigate the risk of suppliers falling victim to cyber attacks.
“Unfortunately, purely technical protection measures are not enough – the contractor's protection perimeter is under their jurisdiction,” he said.
“Manufacturers are left to impose strict information security requirements for their suppliers, as well as, for example, impose legal sanctions for such violations.”
REvil said it will keep posting new images every day until the ransom has been paid.
Also known as Sodinokibi, REvil is a ransomware group believed to originate in Russia that operates a business model dubbed ransomware-as-a-service, in which the group recruits affiliates to distribute its malware to unsuspecting businesses.
Last month it demanded Acer pay $64 million in cryptocurrency to stop it from leaking files.
One of the group’s leaders, who goes by the name UNKN (Unknown), said in a recent interview that there is more money in the extortion side of its criminal enterprise than in selling decryption keys.
He also said REvil makes around US$100 million a year from its operations.