Quanta, a major Apple supplier, announced on Wednesday that it had been hit by the REvil ransomware gang, which has demanded a $50 million ransom from the iPhone maker to prevent confidential data from being leaked on the dark web.
In a post on its deep web “Happy Blog” portal, the hackers said it infiltrated the network of the Taiwanese manufacturer and obtained schematics for Apple products such as MacBooks and Apple Watch, saying it is demanding a ransom from Apple after Quanta showed no interest in paying to retrieve the stolen blueprints.
“Our team is negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands,” the REvil operators said. “We recommend that Apple buy back the available data by May 1.”
After its discovery in June 2019, REvil (also known as Sodinokibi or Sodin) has established itself as one of the most prolific Ransomware-as-a-Service (RaaS) gangs, with the gang being the first to use the so-called “double extortion” tactic, which has since been copied by other groups looking to increase their chances of profit.
The tactic involves releasing a small number of files stolen from extortion targets before encrypting them and threatening to release more data until the ransom demand is paid.
Unknown, aka UNKN, is the key actor affiliated with advertising and spreading REvil on Russian-language cybercrime forums. The ransomware is also used as an affiliate service, with threat actors being hired to distribute the malware by breaching corporate network victims, whilst the malware and payment infrastructure are maintained by the core developers. Usually, 60 percent to 70 percent of the ransom money is received by the affiliates.
According to blockchain research firm Chainalysis, ransomware operators made more than $350 million in 2020, a 311 percent increase from the previous year.
Following an unsuccessful attempt to negotiate ransom with the primary victim, the latest development adds a new twist to the double extortion game, in which a ransomware cartel targets a victim’s consumer.