The REvil ransomware gang demanded a ransom from Apple in exchange for not leaking stolen files on REvil’s leak site before Apple’s Spring Loaded event, which is slated for May 1st. The hackers claimed they had stolen product blueprints and that they are also “negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands.”
The attack came just as Apple was revealing its newest line of iPads and iMacs on Tuesday.
The news about the hack first appeared on Sunday when a REvil representative, a user on the cyber-crime forum XSS who uses the name ‘Unknown’ on the Dark Web, said in a post written in Russian that REvil was about to announce its “largest attack ever.”
Before extorting Apple, REvil first tried to get a ransom from Quanta Computer and claimed they stole “a lot of confidential data” from Quanta’s network. But the company refused to pay the ransom.
Quanta is a leading notebook manufacturer and one of Apple’s business partners. It is an original design manufacturer (ODM) and the maker of the Apple MacBook Air, Apple MacBook Pro, and Apple Watch. Besides Apple, it counts Dell, Hewlett-Packard, Alienware, Lenovo, Cisco, and Microsoft among its customers.
According to the Tor payment page, the demanded ransom is $50 million until April 27th and $100 million after that date.
To prove their point, REvil leaked over a dozen schematics and diagrams of MacBook components on its dark web leak site.
In a chat on that payment page, REvil said “drawings of all Apple devices and all personal data of employees and customers will be published with subsequent sale” if Quanta fails to pay the ransom.
REvil, also known as Sodinokibi, is a ransomware-as-a-service (RaaS) operation that has been behind a few high-profile hacks in the last month. It has demanded record-high ransoms in recent attacks, including from Acer ($50 million), Pierre Fabre ($25 million), and Asteelflash ($24 million).
No more details are available at this point, as this is a developing story. Apple and Quanta have not issued any statements on the incident at the time of writing.