Apple stands at a point of facing a ransom demand from a notorious ransomware gang that is rather infamous in dark web circles – REvil. The focus has shifted to Apple after Quanta, the Taiwanese company that also serves as one of Apple’s suppliers, accepted to have faced a data breach on one of its servers, which has released a set of internet documents in the wild. With these including schematics of new and upcoming Apple products, the REvil gang has so far offered proof of the documents that it has in its arsenal, and also claimed that it will release further classified Apple documents in the open if its ransom demands are not met by a deadline of May 1st.
The $50 million ransomware demand has been made basis a breach that seemingly contains a whole set of engineering and manufacturing schematics that are linked to various companies that Quanta serves. REvil, which runs the infamous dark web data marketplace called Happy Blog, posted the Quanta data dump on its site, urging the company to pay up a ransom amounting to $50 million for its data – something that Quanta refused to pay. Now, REvil threatens to release further sensitive, commercial Apple data if its demands are not met.
Earlier, REvil had posted what it claimed were internal documents belonging to Acer India, which included its pay orders and commercial documents that also seemingly revealed the company’s bank documents. It has continued to post data dumps from breaches on significant companies, but none may have so far been as big as the attack on Quanta documents – in turn involving Apple.
Prior to the Apple Spring Loaded event on April 20th, REvil had posted schematics of the new iMac 2021, hence offering proof of its documents being legitimate. Further internal documents in its access also include a future MacBook design with new ports – which remains unreleased as of now. While Apple does maintain a tight hold on its internal documents, the trend of leaks means that revelation of company schematics is fairly regular. As a result, how the ransomware demand proceeds will likely depend on what other sensitive documents would the attackers have in their database.
