On Tuesday, the infamous REvil ransomware gang publicly claimed that it had hacked Quanta Computer, a Taiwan-based third-party supplier that partners with several large U.S. tech companies, including Apple, Dell, Hewlett-Packard, and BlackBerry.

As one of the largest laptop manufacturers in the world, Quanta assembles Apple’s products based on designs supplied by the Cupertino company, which means there is a logical basis for the theft claims.

[Screenshot of the REvil ransomware claim. Image source: Twitter]

The gang has demanded that Apple pay for the stolen documents “by May 1st,” or else “more and more files will be added [to the leak site] every day.” According to BleepingComputer tech reporter Sergiu Gatlan, the ransomware group is extorting Quanta for $50 million, giving the company until April 27th to pay for the allegedly stolen data.

REvil also mentioned that they are “negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands,” which means that Apple may not be the only company affected by the hack.

The extortion attempt was also perfectly timed to coincide with the Spring Loaded event, where Apple announced new products and software updates.

This is the first major incident where a ransomware gang has publicly demanded a ransom from a victim’s customer after the attacked company refused to pay, notes threat intel analyst Dmitry Smilyanets.

For the time being, it’s hard to say whether the documents REvil supposedly has are actually all that important. The designs from the leak site look like basic MacBook blueprints and don’t appear to be top-secret work. It wouldn’t be the first time that hackers have not told the truth about the severity of a hack.

However, REvil is a prominent ransomware gang that has actively sought to build a fearsome reputation by targeting high-profile companies.

In early April, French EMS company Asteelflash confirmed it had been the victim of a cybersecurity incident, recognizing the involvement of REvil ransomware.

REvil has also launched a service, offered at no cost, that contacts news media and companies to apply the most pressure, along with DDoS attacks (L3, L7) as a paid service. Threat actors, or affiliated partners, will perform voice-scrambled VoIP calls to the media and the victim’s business partners with information about the attack.

PC vendor Acer also became the victim of a REvil ransomware attack. The requested ransom might be the largest one to date, with REvil asking for $50 million.

It is believed that 59% of buyers are likely to avoid companies that suffered from a cyberattack in the past year.

So far, neither Apple nor Quanta has responded to the claims that they have been hacked.
