Prominent Apple supplier Quanta on Wednesday said it suffered a ransomware attack from the REvil ransomware group, which is now demanding the iPhone maker pay a ransom of $50 million to prevent leaking sensitive files on the dark web.
In a post shared on its deep web “Happy Blog” portal, the threat actor said it came into possession of schematics of the U.S. company’s products such as MacBooks and Apple Watch by infiltrating the network of the Taiwanese manufacturer, claiming it’s making a ransom demand to Apple after Quanta expressed no interest in paying to recover the stolen blueprints.
“Our team is negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands,” the REvil operators said. “We recommend that Apple buy back the available data by May 1.”
Since first detected in June 2019, REvil (aka Sodinokibi or Sodin) has emerged as one of the most prolific ransomware-as-a-service (RaaS) groups, with the gang being the first to adopt the so-called technique of “double extortion” that has since been emulated by other groups to maximize their chances of making a profit.
The strategy seeks to pressure victim companies into paying up mainly by publishing a handful of files stolen from their extortion targets prior to encrypting them and threatening to release more data unless and until the ransom demand is met.
The main actor associated with advertising and promoting REvil on Russian-language cybercrime forums is called Unknown, aka UNKN. The ransomware is also operated as an affiliate service, wherein threat actors are recruited to spread the malware by breaching corporate network victims, while the core developers take charge of maintaining the malware and payment infrastructure. Affiliates typically receive 60% to 70% of the ransom payment.
All these aggressive shifts in tactics have paid off, as ransomware operators netted more than $350 million in 2020, a 311% jump from the previous year, according to blockchain analysis company Chainalysis.
The latest development also marks a new twist in the double extortion game, in which a ransomware cartel has gone after a victim’s customer following an unsuccessful attempt to negotiate ransom with the primary victim.
We have reached out to Quanta for comment, and we will update the story if we hear back.
However, in a statement shared with Bloomberg, the company said it worked with external IT experts in response to “cyber attacks on a small number of Quanta servers,” adding “there’s no material impact on the company’s business operation.”