Apple Was Targeted in Ransomware Attack Before ‘Spring Loaded’ Event


While Apple was busy preparing for the ‘Spring Loaded’ event that took place on Tuesday, April 20, a ransomware operator demanded that the company pay a ransom to prevent data about its next-generation devices from being leaked. The group REvil, also known as Sodinokibi, claimed on the dark Web that it had gained access to the computer network of Apple supplier Quanta Computer and demanded $50 million (374.59 crores) to unlock its systems. The Taiwan-based hardware manufacturer is a key supplier of MacBook Air, MacBook Pro, and Apple Watch.

REvil’s operator posted a blog on its dark Web site called ‘Happy Blog’ to claim the ransomware attack on Quanta Computer. Although the hacker group initially attempted to negotiate a deal with the supplier, it posted purported details of the upcoming Apple devices just ahead of the ‘Spring Loaded’ event allegedly after Quanta Computer refused to pay the ransom, according to the blog post seen by Gadgets 360.

The hackers started sharing some schematics that appear to be associated with the new iMac and some new MacBook models. The ransomware operator also warned Apple to buy back the available data by May 1 to prevent further leaking of its data, as initially reported by Bleeping Computer.

The hackers have threatened to post new files to their blog every day until Apple buckles. The group also said that it is negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major manufacturers.

Quanta Computer acknowledged an attack in a statement to Bleeping Computer. However, the company did not provide any further clarity on whether it is negotiating with the REvil group or if any customer data has been leaked through the attack.

“Quanta Computer’s information security team has worked with external IT experts in response to cyber attacks on a small number of Quanta servers,” a Quanta Computer spokesperson said. “We’ve reported to and kept seamless communications with the relevant law enforcement and data protection authorities concerning recent abnormal activities observed. There’s no material impact on the Company’s business operation.”

The spokesperson added that the company activated its information security defence mechanism immediately while conducting a detailed investigation. The company also claimed that it upgraded its level of cybersecurity and is enhancing its existing infrastructure.

Apple had not responded to a request for comment on the matter by the time this story was filed.

REvil has become a known ransomware-as-a-service (RaaS) operation in the cybersecurity world in the recent past. It previously targeted companies including Acer and Asteelflash.

Exact details about the location from where the REvil attacks are taking place are unknown. However, the group behind the ransomware is believed to be based in Russia as it has not yet targeted any major Russian organisations.
