REvil Demands a Ransom for Not Publishing Apple’s Classified Data

Alexander Adamov
Spin.AI Ransomware Protection
3 min read · Apr 22, 2021

We recently wrote about the REvil attack on Acer and the record $50 million ransom demanded there. This time, Apple was hit through one of its vendors by the REvil cyber gang, which claims to have stolen the latest blueprints for the company's new products. The REvil group demanded a $50 million ransom to be paid by April 27; otherwise, the ransom would rise to $100 million.

It all started on April 20, when the criminal group behind the REvil ransomware announced that it had exfiltrated data from the Quanta Computer Inc. network. The company is known as one of Apple's main suppliers and is involved in the production of the Apple Watch, MacBook Air, and MacBook Pro.

According to BleepingComputer, the attackers opened negotiations with Quanta, announced that they had encrypted data on Quanta's local network, and demanded $50 million by April 27. After Quanta refused to negotiate, the attackers turned directly to Apple and began demanding a ransom from them, warning that "drawings of all Apple devices and all personal data of employees and customers will be published with the subsequent sale".

To prove its intentions, the ransomware group posted dozens of MacBook laptop blueprints on the Darknet, along with component-specific serial numbers, sizes, and capacities. While there is no indication that any of these are new Apple products, one of the images bears the name of an Apple designer and is dated March 9, 2021. So far, there has been no additional information or comment from Apple or Quanta regarding the attack.

From mid-March to the present, the REvil group has already managed to extort at least $99 million: Acer — $50 million, Pierre Fabre — $25 million, Asteelflash — $24 million. In the attack on Acer, the cybercriminals exploited the ProxyLogon vulnerability in an unprotected Microsoft Exchange mail server. The same vulnerability was exploited in the DearCry ransomware attack.

Let's take a look at how SpinOne would protect against REvil ransomware.

The encrypted files on the local computer are synced to Google Drive (screenshot):

SpinOne Ransomware Protection successfully detects and stops the attack. Then, SpinOne recovers the encrypted files in the cloud.

The files on Google Drive have been successfully recovered by SpinOne (screenshot):
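The two screenshots above show the mechanism the post relies on: files encrypted on the endpoint are synced into Google Drive, a detector notices the burst of high-entropy overwrites, and the clean cloud revisions are restored. The following is an added illustration of that idea, not SpinOne's code and not tied to any Google API; the change feed, file paths and contents are constructed sample data, and the entropy threshold and burst window are assumed tuning values.

```python
import math
from collections import Counter, defaultdict

# Constructed sample data: a short, readable "design note" and a stand-in for
# ciphertext (every byte value equally often, so its entropy is exactly 8 bits/byte).
PLAINTEXT = b"Design note: hinge tolerance 0.2 mm, revision B\n" * 8
CIPHERTEXT = bytes(range(256)) * 4

# Constructed Drive-style change feed: (timestamp_s, path, content after the change).
SAMPLE_EVENTS = [
    (0,   "Drive/specs/hinge.txt", PLAINTEXT),
    (5,   "Drive/specs/lid.txt",   PLAINTEXT),
    (9,   "Drive/specs/board.txt", PLAINTEXT),
    (300, "Drive/specs/hinge.txt", CIPHERTEXT),   # locally encrypted copy syncs up
    (302, "Drive/specs/lid.txt",   CIPHERTEXT),
    (303, "Drive/specs/board.txt", CIPHERTEXT),
]

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: text sits around 4-5, encrypted or compressed data near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def is_suspicious(content: bytes, threshold: float = 7.0) -> bool:
    """Assumed threshold: overwrites this random-looking are treated as encryption."""
    return shannon_entropy(content) >= threshold

def detect_and_recover(events, window_s: int = 60, burst: int = 3):
    """Replay the feed in time order. Raise an alert once `burst` clean files are
    replaced by high-entropy content inside `window_s` seconds, then map every
    still-encrypted path to its most recent clean revision for restoration."""
    revisions = defaultdict(list)   # path -> [(ts, content, flagged)]
    recent, alert_at = [], None
    for ts, path, content in sorted(events):
        flagged = is_suspicious(content)
        prev = revisions[path][-1] if revisions[path] else None
        revisions[path].append((ts, content, flagged))
        if flagged and prev is not None and not prev[2]:   # clean -> encrypted
            recent = [t for t in recent if ts - t <= window_s] + [ts]
            if alert_at is None and len(recent) >= burst:
                alert_at = ts
    restored = {}
    if alert_at is not None:
        for path, revs in revisions.items():
            clean = [c for _, c, f in revs if not f]
            if revs[-1][2] and clean:       # latest revision encrypted, clean copy exists
                restored[path] = clean[-1]
    return alert_at, restored
```

A real deployment would read the change feed from the storage provider's API and write the restored revisions back; here the function simply returns the alert time and the path-to-content map it would restore.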


Dr. Alexander Adamov has 15 years of experience in the analysis of cyberattacks. He also teaches cybersecurity at university and explores AI/ML capabilities.