Apple Hit With $50 Million Ransomware Demand

Published · Apr 29, 2021

On April 20, 2021, REvil, a ransomware group, announced it had acquired confidential files from Quanta Computer Inc.—a Taiwanese manufacturer for tech companies like Dell, HP, and Apple. The stolen data reportedly includes schematics for Apple products that are yet to hit the market.

The group, believed to be operating in Russia, is behind one of the 45,000 known ransomware strains. It is among the pioneers of the new ransomware-as-a-service (RaaS) model, which employs an affiliate-like structure to spread malware. By simply offering a portion of its proceeds as commission, it can acquire agents practically anywhere.

REvil’s MO is collecting the data before encrypting it. It typically publishes a few files before making a demand, threatening to sell the data to a third party—a tactic known as double extortion.

The group has already announced that it was negotiating the sale of Apple’s data. Quanta has since refused to pay the ransom, according to info published on REvil’s blog.

REvil responded swiftly, now going after Apple directly in a sudden change of tactics. It released partial schematics for a number of devices, including two new Apple laptops and an Apple Watch, taunting the tech giant. The whole thing went down mere hours before Apple itself announced the devices at its “Spring Loaded” event.

What Will Apple Do?

It’s a hard hit for Apple, which is known for storing its blueprints under lock and key. The tech giant has already invested millions lobbying against right-to-repair laws that would grant unlicensed repair shops access to tech product schematics. It’s not hard to imagine it would pay the ransom to keep the plans out of third-party hands.

Charles Carmakal from FireEye estimates the ransomware gang has already collected about $100 million in previous attacks and is only getting bolder. By all accounts, ransomware will only become a bigger problem.

In such times, it’s more critical than ever to protect yourself and your company from the increasing number of cyberattacks. A good antivirus, backup software, and a secure VPN service are essential to protect your data the best you can. And if you take on employees, make sure to double down on background checks to prevent RaaS affiliates from sneaking in.

Branko Krstic

Branko is a round-the-clock tech geek and loving it. His ideal vacation destination is the Akihabara District (or really any place he can take his computer). If there’s a server out there, count on him to find out what it’s made of… and tell you all about it.