The REvil (Sodinokibi) hacker gang demands $50 million from Apple and Taiwanese manufacturer Quanta after stealing Apple device blueprints and threatening to leak them.
What Happened?
On the day of Apple’s new big announcements revealing new products, hacker gang REvil published some stolen Apple device blueprints that they swiped from Quantra, a Taiwanese manufacturer who makes computer devices for various clients, including Apple.
On the REvil gang's leak site, they posted Tuesday:
"In order not to wait for the upcoming Apple presentations, today we, the REvil group, will provide data on the upcoming releases of the company so beloved by many. Tim Cook can say thank you, Quanta."
Quantra had previously ignored the ransom demands, and therefore REvil responded with:
"From our side, a lot of time has been devoted to solving this problem. Quanta has made it clear to us that it does not care about the data of its customers and employees, thereby allowing the publication and sale of all data we have."
When prompted for a comment, both Apple and Quantra declined.
Along with the Apple blueprints, the REvil leak website mentions other Quantra customers like Cisco, Dell, HP, Siemens, Sony, and Toshiba. However, Dell has publicly denied any working relationship with Quantra, so where the list came from is anyone's guess.
The Extortion Game
After being rebuffed by Quantra, REvil started posting blueprints for Apple products to prove they were serious. Some of the device documents posted include Apple Watch, MacBook Air, MacBook Pro, and the ThinkPad Z60m (a device that dates back to the early 2000s).
It appears that some of the information posted on the REvil leak site came from the Wikipedia page about Quantra; some of it is inaccurate.
To pressure Apple or Quantra into paying the exorbitant $50 million ransom, REvil said:
"Our team is negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands. We recommend that Apple buy back the available data by May 1."
As reported by 9to5mac, an Apple news online publication, the leaked information appears to be legitimate, and they called it "deeply technical, including power voltage specifications and other nitty-gritty details."
REvil is a Serious Threat
The demand issued is good until April 27th, and then the $50 million price tag doubles to $100 million, according to The Bleeping Computer who acquired a copy of the ransom note. Along with the note, they reviewed communications between REvil and Quantra, which claim that the hackers also stole information about Apple's employees and customers.
Unfortunately, REvil is very adept at ransomware, typically targeting companies with deep pockets to ensure a healthy payout. They use very effective crypto-locking malware to cripple systems to force victims into complying.
Just last month, REvil target Acer, another Taiwanese device manufacturer, and they demanded $50 million from them as well.
Threat analysts claim that when cybercriminals demand a hefty ransom like this, they don't fully expect anyone to pay that much, but it leaves plenty of room for negotiation. Brett Callow of Emsisoft said, "To my mind, it's far more likely that the demand is intended to encourage companies to up their policy limits and make them feel lucky - and so more likely to pay - when they get hit with a 'modest' demand of $10 million."
Business as Usual
Despite the ransom drama, as planned on Tuesday, Apple rolled out its bevy of new spring products, complete with an all-new iMac 24" computer, iPhone 12 in purple, AirTags, and new iPad Pro. It's doubtful that Apple will pay any type of ransom despite the information leaked on the dark web. Apple is not known as being a company that would negotiate with terrorists.
