REvil seeks to extort Apple and hits supplier with $50 million ransom

REvil – which has been on a tear the past several weeks – wants Apple to pay an undisclosed ransom by May 1 to “buy back” 15 stolen schematics of unreleased MacBooks and gigabytes of personal data on several major Apple brands that it obtained from Quanta.

The ransomware gang also informed Quanta that it stole and encrypted all of its network data and was seeking a $50 million ransom to be paid by April 27. The ransom would go up to $100 million after the deadline passed.

Taiwan-based Quanta, which makes the Apple Watch, MacBook Air and MacBook Pro, refused to pay the ransom. Apple has not commented on the attack, and it’s still unknown whether it intends to pay the ransom, but Apple is well known for fiercely protecting its intellectual property and brands.

None of this news dragged down Apple in the markets today; its stock price went up 39 cents a share, closing at $133.50.

Following today’s news of the attack on Quanta, Mike Beck, global chief information security officer at Darktrace, said there’s little doubt that complex digital supply chains are now a hacker’s paradise. Beck said suppliers must be held to higher standards, and recent calls from the Biden administration and the Department of Homeland Security for more stringent requirements for cyber security transparency and vetting are welcome. 

“In this case, attackers accessed Apple’s design blueprints via a trusted third party – and the full extent of the data taken is not yet known,” he said.

Oliver Tavakoli, chief technology officer at Vectra, said that, like many other franchise models, REvil aspires to create a clear sense of its brand, adding that the brand identity it appears to be going for is “large-scale extortion.”

“All the messages are even cloaked in language commonly used by legitimate businesses – buy now to get a discount as it will cost more next week,” Tavakoli said. “Notwithstanding these eye-popping ransom requests, there’s little evidence of large-scale payouts to the REvil group. Preparedness by security teams for REvil is much the same as for any advanced attacks: maintain good security hygiene, track the attack surface, and invest in detection capabilities to find attackers who have gotten past the first line of defense. Additionally, scan your environment for known REvil indicators of compromise.”
