
Apple Targeted by REvil Gang in a $50 Million Ransomware Attack


One of Apple’s key suppliers, Quanta Computer Inc, has been fighting a high-profile ransomware attack. The attack took place while Apple was revealing its newest line of iPads and iMacs, Bloomberg recently reported.

Sodinokibi/REvil Threat Actors Hit Quanta, a Key Apple Supplier

The attack appears to have been carried out by a Russian threat group that claims to have stolen some of Apple’s blueprints related to its latest products. The ransomware group in question is REvil, also known as Sodinokibi. The hackers recently published a post on their dark web site saying they had infiltrated Quanta’s computer network. Quanta is a Taiwan-based supplier that mostly manufactures MacBooks, as well as products for HP, Facebook, and Google.

What happened?
A user on the underground forum who goes by the name Unknown announced on Sunday that the ransomware group was about to declare its largest attack ever.

“The post was made in Russian on a channel where the REvil group recruits new affiliates, according to a person familiar with Unknown’s history on the XSS forum who sought anonymity for fear of retaliation,” Bloomberg said.

Shortly after that, REvil’s hackers shared on their Happy Blog that Quanta had become their latest victim. “In their post, also reviewed by Bloomberg, the hackers claim they’d waited to disclose the Quanta compromise until the date of Apple’s latest big reveal, contending the parts supplier had expressed no interest in paying to recover the stolen data,” Bloomberg reported.

The hackers are now attempting to “shake down Apple” by demanding a ransom of $50 million, to be paid by May 1. If the ransom is not paid, the hackers will continue to publicly share the company’s blueprints.

Quanta said that its security defense system was activated immediately, and it has since resumed internal services. The company is also improving its cybersecurity infrastructure to safeguard its data.

Sodinokibi ransomware making history

The REvil/Sodinokibi threat actor has displayed well-coordinated behavior across its ransomware campaigns. The ransomware operators have borrowed quite a few tricks from GandCrab, which was shut down not too long ago. You can learn more about the Sodinokibi ransomware from our extensive article, covering its multiple operations.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
