Recently, the REvil ransomware gang has offered Apple to buy back stolen device blueprints to inhibit the leak. The group threatened to leak them on its site before the Apple Spring-Loaded event, which is a live stream event from its HQs in Cupertino, California. In case of refusal, the REvil Ransomware gang warns stolen blueprint leak.
Besides, the REvil ransomware group claimed that they are also negotiating with several major competitors of Apple. `The negotiations deal with the sale of gigabytes of personal data and large quantities of confidential drawings. The extortion threat came a few hours before Apple got scheduled to make a series of significant new product announcements.
The Claims of Ransomware Gang
The infamous REvil ransomware group claims to have obtained large quantities of data associated with several top-tier tech vendors. It includes Apple, Lenovo, Cisco, HPE, Microsoft, and others.
The REvil ransomware group said it has stolen information on a few products that include Apple Watch, MacBook Pro, MacBook Air, etc. They also said that an ever-increasing number of files will be added each day. In addition, the leaked files incorporate schematics for a laptop. However, it is unclear if the portrayed data are as delicate as claimed.
Essentially, the REvil ransomware gang has seized product blueprints from an Apple supplier named Quanta Computer. As a Taiwanese manufacturer, Quanta Computer builds computing devices for several vendors and manufactures MacBook and iWatch devices for Apple.
Moreover, REvil ransomware gang claims that its earlier ransom demands have got denied by Quanta. It alleges that its side has given a great deal of time to solve the problem. Yet, Quanta gave the cold shoulder to it and showed that it cares nothing about the data of its staff and customers. Thus, it allowed the disclosure and sale of all data it contains.
The Amount of Ransom Demand
One source acquainted with the negotiations with Quanta Computer revealed that the REvil ransomware group has raised a $50 million ransom demand. Last month, it asked Acer the same amount, but there came no follow-on information from either side on the occurrence of the event.
Several ransomware gangs knowingly target large organizations, specifically when they practice big game hunting. It is because they seek higher ransom payoffs. Usually, these groups open the ransom demands with a hefty sum. So, they allow it to get negotiated down subsequently.
REvil is a prolific ransomware-as-a-service (RaaS) operation. Operations like these involve an operator rendering crypt-locking malware. An operator also provides support to vetted affiliates who infect through malware systems of victims. The operator obtains a cut from every victim who pays. Historically, the cut has begun at 40% for REvil. Later, it dropped to $30 after the affiliate achieved three successful ransom payments.
Various ransomware gangs begin leaking data after attempting to name and shame victims through dedicated leak sites. The group dumps all the withdrawn data for free when a victim does not pay the demanded ransom. They do it to teach a lesson to future victims. Similarly, many gangs claim that they negotiate sales to other interested parties. Nevertheless, how far it is true is unclear.
Bad guys like REvil ransomware gang have found the current global crisis called COVID-19 pandemic as an opportunity to loot and plunder businesses. Thus, proactive cybersecurity is an essential piece of the giant jigsaw puzzle of online business.