One of Apple’s key suppliers, Quanta Computer Inc, has been fighting a high-profile ransomware attack. The attack took place while Apple was revealing its newest line of iPads and iMacs, Bloomberg recently reported.
Sodinokibi/REvil Threat Actors Hit Quanta, a Key Apple Supplier
The attack seems to be carried out by a Russian threat group, claiming to have stolen some of Apple’s blueprints, related to its latest products. The ransomware group in question is REvil, also known as Sodinokibi. The hackers recently posted a blog on their dark web site, saying they have infiltrated Quanta’s computer network. Quanta is a Taiwan-based supplier, mostly manufacturing Mac books, as well as products for HP, Facebook, and Google.
A user on the underground forum going by the name Unknown, announced on Sunday that the ransomware group was about to declare its largest attack ever.
“The post was made in Russian on a channel where the REvil group recruits new affiliates, according to a person familiar with Unknown’s history on the XSS forum who sought anonymity for fear of retaliation,” Bloomberg said.
Shortly after that, REvil’s hackers shared on their Happy Blog that Quanta has become their latest victim. “In their post, also reviewed by Bloomberg, the hackers claim they’d waited to disclose the Quanta compromise until the date of Apple’s latest big reveal, contending the parts supplier had expressed no interest in paying to recover the stolen data,” Bloomberg discovered.
The hackers are now attempting to “shake down Apple” by demanding a ransom in the amount of $50 million to be paid by May 1. If the ransom is not paid, the hackers will continue to publicly share the company’s blueprints.
Quanta said that its security defense system was activated immediately, and it has since resumed internal services. The company is also improving its cybersecurity infrastructure to safeguard its data.
Sodinokibi ransomware making history
The REvil/Sodinokibi threat actor has displayed a well-coordinated behavior and ransomware campaigns. The ransomware operators have borrowed quite a few tricks from GandCrab which was shut down not too long ago. You can learn more about the Sodinokibi ransomware from our extensive article, covering its multiple operations.