The REvil ransomware gang asked Apple to “buy back” stolen product blueprints to avoid having them leaked on REvil’s leak site before today’s Apple Spring Loaded event.
The ransomware gang wants Apple to pay a ransom by May 1st to prevent its stolen data from being leaked and added that they are also “negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands.”
REvil tried to extort Apple only after Quanta Computer, a leading notebook manufacturer and one of Apple’s business partners, refused to communicate with the ransomware gang or pay the ransom demanded after they allegedly stole “a lot of confidential data” from Quanta’s network.
Quanta is a Taiwan-based original design manufacturer (ODM) and an Apple Watch, Apple Macbook Air, and Apple Macbook Pro maker.
Quanta has a long list of high-profile customers, including Apple, Dell, Hewlett-Packard, Alienware, Lenovo, Cisco, and Microsoft.
Based on the number of ODM laptop units sold, Quanta is the world’s second-largest original design manufacturer of laptops, only behind Compal who was also targeted by ransomware last year.
According to the Tor payment page shared with BleepingComputer, Quanta has to pay $50 million until April 27th, or $100 million after the countdown ends.
So far, REvil leaked over a dozen schematics and diagrams of MacBook components on its dark web leak site, although there is no indication that any of them are new Apple products.
In a negotiation chat on REvil’s payment site seen by BleepingComputer, REvil warned that “drawings of all Apple devices and all personal data of employees and customers will be published with subsequent sale” if Quanta did not begin negotiating a ransom.
After that time frame expired, REvil published the schematics on their data leak site.
REvil is a ransomware-as-a-service (RaaS) operation known for recruiting affiliates to breach corporate networks, steal unencrypted data, and encrypt devices.
Once a ransom payment is made, the REvil core developers and the affiliates split the payment, with the affiliates generally getting the larger share.
REvil has been on a hacking spree over the last month, demanding extremely high ransom demands in attacks targeting Acer ($50 million), Pierre Fabre ($25 million), and Asteelflash ($24 million).
Cybersecurity researchers have told BleepingComputer that they believe REvil has been making extremely high demands to start at a higher negotiation price.
Apple and Quanta spokespersons were not available for comment when contacted by BleepingComputer earlier today.