A notorious Russian ransomware and data-stealing gang wants Apple to pay millions or the gang will publicly release blueprints and schematics of Apple products.
The REvil group, known for the Sodinokibi ransomware, claims it broke into and encrypted the servers of Quanta Computer, a Taiwanese company that manufactures and assembles hardware for Apple, Dell, HP, Lenovo and many other technology companies.
REvil is notorious for stealing data from its victims before it encrypts the data on the victims’ servers. If the decryption ransom is not paid, it threatens to release the stolen data. Past victims include the owners of the Ritz London hotel, the distillers of Jack Daniel’s whiskey and even a celebrity law firm.
Tom’s Guide has reached out to Apple for comment, and we will update this story when we receive a reply.
‘Tim Cook can say thank you Quanta’
In a blog post yesterday (April 20), just before Apple’s own “Spring Loaded” product-launch event, the REvil group declared that “in order not to wait for the upcoming Apple presentations, today we, the REvil group, will provide data on the upcoming releases of the company so beloved by many.”
“Tim Cook can say thank you Quanta,” the blog post added. “Our team is negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands. We recommend that Apple buy back the available data by May 1.”
It’s not clear how much the gang wants from Apple, but the group has demanded a ransom of $50 million from Quanta Computer.
Recorded Future threat analyst Dmitry Smilyanets told The Record that this may be the first time a ransomware gang has demanded money from a hacked company’s customers.
Quanta Computer acknowledged to Bloomberg that there had been “cyber attacks on a small number of Quanta servers” but that there was “no material impact on the company’s business operation.”
Apple schematics on the ‘Happy Blog’
Tom’s Guide got a look at the REvil gang’s “Happy Blog,” which can be accessed through the Tor anonymous-networking web protocol. (Sorry, we are not linking to the blog.)
The most recent post contains about 20 JPEG images of what appear to be the assembly schematics of an Apple MacBook laptop. The blog states that “more and more files will be added every day” and that PDF versions of the images are available.
One image shows what appears to be the layout of a laptop’s logic board, i.e. motherboard. A text box in the image states that the schematic is property of Apple, is dated “03/09/21” and was designed by “John Andreadis.” Another image is a screenshot of a laptop camera schematic, viewed through a Russian-language PDF editor.
We couldn’t tell exactly which model the laptop was, although judging by the teensy logic board for M1 chips that Apple showed off during its presentation yesterday, the laptop may be using a more power-hungry Intel chip that requires a bigger logic board.
How much is the stolen data worth?
The blog post does not mention any ransom amount, but Bleeping Computer found a Tor site that appears to be the REvil gang’s ransom note to Quanta Computer. It demands $50 million in the Monero cryptocurrency by April 27 to decrypt the locked files, after which the ransom amount goes up to $100 million.
Bleeping Computer said that Quanta Computer had refused to pay the ransom. However, Bleeping Computer said it also had a look at a chat conversation on REvil’s payment site in which the gang said that “drawings of all Apple devices and all personal data of employees and customers will be published with subsequent sale” unless Quanta reopened ransom negotiations.
After a three-hour negotiation deadline passed, the Apple schematics appeared on the Happy Blog.
The Register noticed some oddities in the REvil blog post. Alongside the Apple Watch, Apple MacBook Air and Apple MacBook Pro as examples of what Quanta Computer manufactures, the post also listed the ThinkPad Z60m, a Lenovo laptop that debuted in 2006.
Quanta Computer’s customers are also stated as including BlackBerry and Sun Microsystems, which the Register pointed have not made hardware for several years. The list of customers appears to have been copied directly from Quanta Computer’s Wikipedia entry.