
Ransomware gang tries to extort Apple hours ahead of Spring Loaded event




The operators of the REvil ransomware are demanding that Apple pay a ransom demand to avoid having confidential information leaked on the dark web.

 

The REvil crew claims it came into possession of Apple product data after breaching Quanta Computer, a Taiwanese company that is the biggest laptop manufacturer in the world and which is also one of the companies that assemble official Apple products based on pre-supplied product designs and schematics.

 

In a message posted on a dark web portal where the ransomware gang usually threatens victims and leaks their data, the REvil gang said that Quanta refused to pay to get its stolen data back and, as a result, the REvil operators have now decided to go after the company’s primary customer instead.

 

The REvil gang posted 21 screenshots depicting MacBook schematics and threatened to publish new data every day until Apple or Quanta paid the ransom demand.

 


Furthermore, the ransomware gang also hinted that the data of other companies might also be leaked online.

“Our team is negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands,” the REvil operators wrote. “We recommend that Apple buy back the available data by May 1.”

 

Known customers of Quanta Computer include some of the biggest laptop vendors in the world, such as HP, Dell, Microsoft, Toshiba, LG, Lenovo, and many others.

 

A source familiar with the Quanta negotiations said the REvil gang asked for a $50 million ransom demand, similar to the sum they requested from laptop maker Acer last month. It is unclear how much money the REvil gang is expecting from Apple now.

Extortion attempt perfectly timed with Apple event

The extortion attempt was also perfectly timed for maximum visibility to coincide with the Spring Loaded event, where Apple announced new products and software updates.

 

Dmitry Smilyanets, a Recorded Future threat intel analyst, told The Record that the REvil public spokesperson, an individual going by the nickname of UNKN, hinted at today’s announcement in a forum post on Sunday, calling today’s leak the “loudest attack ever.”

 


Smilyanets told The Record that this is also the first major incident where a ransomware gang has publicly requested a ransom demand from a victim’s customer after the attacked company refused to pay a ransom fee.

 

This is a new approach in the double extortion name-and-shame technique, where the threat actor engages with the affected third parties after the unsuccessful attempt to negotiate ransom with the primary victim.

Dmitry Smilyanets, Recorded Future threat intel analyst

 

Reached out for comment, Apple said it was looking into the incident and had nothing to share at the moment. A Quanta Computer spokesperson could not be reached for comment, and a person taking calls asked to call back the next day.

It is still highly possible that both companies downplay the incident and categorize the stolen data as non-sensitive.

 

Files leaked today show schematics for MacBook laptops, none of which are particularly sensitive nor appear to include anything beyond assembly information and technical details. One of the files was dated March 9, 2021, but it is unclear if the depicted product was new or just updated technical specs.

 

While Quanta is considered the largest laptop manufacturer in the world, the second one, fellow Taiwanese company Compal, suffered its own ransomware incident in November 2020 when it had some of its files stolen and internal network encrypted by the DoppelPaymer ransomware gang.

 

 

Source: Ransomware gang tries to extort Apple hours ahead of Spring Loaded event


Group behind REvil ransomware claims stolen files include plans for two laptops and a new Apple Watch

 

‘We recommend that Apple buy back the available data by 1 May,’ the hackers have said. Photograph: Ritchie B Tongo/EPA

Apple is facing a ransomware demand after a group of cybercriminals stole confidential plans for the company’s upcoming products from a supplier.

 

The “Sodin” group, which makes and runs a piece of ransomware called REvil, says it stole the plans from Quanta Computer, a Taiwanese company that assembles a number of Apple laptops.

 

Like normal ransomware, REvil encrypts victims’ files and demands payment to receive the encryption key and recover the data. But Sodin has gone one step further, attempting to steal the files themselves and extort payment from those who have backups by threatening to publish confidential data.

 

According to a statement posted on the criminals’ dark web site – which they call the “Happy Blog” – Quanta refused to pay the ransom, leading the hackers to begin threatening the company’s customers.

 

“In order not to wait for the upcoming Apple presentations, today we, the REvil group, will provide data on the upcoming releases of the company so beloved by many,” the blog says. “Tim Cook can say thank you Quanta. From our side, a lot of time has been devoted to solving this problem.”

 

The hackers claim that among the stolen documents are plans for a pair of Apple laptops, a new Apple Watch and a new Lenovo ThinkPad. To back up their assertions, they have posted a set of blueprints for some products, including schematics for the new iMacs that the company launched on Tuesday.

The ransomware demand was initially posted just hours before the company’s launch event, and the hackers say they will release more documents every day, adding: “We recommend that Apple buy back the available data by 1 May.” A similar extortion attempt from the same group, aimed at Acer, demanded $50m in exchange for deleting the files.

 

Already, internet users have begun to pore over the details of the leaks, noting differences with the current models on sale: a new version of the MacBook Pro is shown without the company’s controversial “Touch Bar”, for instance, and a potential return of HDMI ports, SD card readers and MagSafe connectivity to the machine.

 

Apple did not respond to a request for comment.

 

https://www.theguardian.com/technology/2021/apr/22/ransomware-hackers-steal-plans-upcoming-apple-products



Similar topics merged.

 

@aliyx Thanks for your contribution, but please use Search before posting.
