Apple has been targeted in a $50 million ransomware attack following the theft of a sizeable number of schematics related to the manufacturing and engineering of current and future products from Quanta, a Taiwan-based company that serves as one of Apple’s suppliers for MacBooks and other products.
The leak, first reported by The Record, was carried out by REvil, a Russian hacking group also known as Sodinokibi, which runs the infamous dark web data marketplace called “Happy Blog”.
The ransomware gang posted a message on the dark web portal claiming to have stolen the blueprints of various Apple gadgets. However, Quanta refused to pay the $50 million ransom for the stolen data.
As a result, the group posted stolen images including Apple’s newly revealed iMac redesign on April 20th to coincide with Apple’s latest “Spring Loaded” event for maximum visibility.
Almost every page of the schematics included the phrase “This is the property of Apple and it must be returned,” confirming the documents were legitimate. The leak also included manufacturing diagrams for Apple’s 2021 M1 MacBook Air as well as for an unreleased laptop.
REvil is now trying to get Apple (Quanta’s primary customer) itself to pay up by May 1st. The group plans to leak more schematics and images of Apple’s potential future products every day on the dark web until the ransom is paid by Apple or Quanta.
The ransomware gang also hinted that the data of other companies might be leaked online. Besides Apple, Quanta also manufactures products for Microsoft, HP, Toshiba, Google, Facebook, Dell’s Alienware, Lenovo, LG, Blackberry, Fujitsu, Cisco, and Vizio.
“Our team is negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands,” the REvil operators wrote. “We recommend that Apple buy back the available data by May 1.”
Meanwhile, Quanta has confirmed that one of its servers was breached but didn’t provide information on how much data was stolen.
“Quanta Computer’s information security team has worked with external IT experts in response to cyber-attacks on a small number of Quanta servers,” the company said in a statement reported by Bloomberg. “We’ve reported to and kept seamless communications with the relevant law enforcement and data protection authorities concerning recent abnormal activities observed. There’s no material impact on the company’s business operation.”
Quanta added that the small range of internal services affected by the incident has resumed, and that it is upgrading its cybersecurity level to protect its data as well as improving its existing infrastructure. Apple declined to comment on questions about the compromise.