A ransomware group is trying to squeeze Apple into paying for blueprints of upcoming products it says have been stolen from a Taiwan-based manufacturing company.
A cybersecurity industry source has sent IT World Canada a screenshot of the website of the well-known REvil group, which is urging Apple to buy back the data by May 1.
No price for the data has been posted.
IT World Canada isn’t naming the manufacturing company because it hasn’t confirmed a breach of security controls. Apple hasn’t responded yet to a request for comment.
UPDATE: The REvil website says the victim manufacturer is Quanta Computer, which makes notebooks for a number of leading brands including Apple. On April 22 Quanta issued a statement saying it has responded to cyber attacks on a “small number” of servers.
As proof that it has stolen data, the REvil website has posted some copies of what it says are Apple product schematics. It is threatening to release more every day.
If true, the threat is in line with the latest strategy of ransomware groups, which pressure the customers of victims as a way to get payment for ransomware decryption keys and for keeping stolen data from being publicly released or sold to other crooks.
REvil is one of several threat groups with a website where threat messages and proof of data theft are posted.
Its message posted this week reads:
“In order not to wait for the upcoming Apple presentations, today we, the REvil group, will provide data on the upcoming releases of the company so beloved by many. [Apple CEO] Tim Cook can say thank you to [the manufacturer]. From our side, a lot of time has been devoted to solving this problem. [The manufacturer] has made it clear to us that it does not care about the data of its customers and employees, thereby allowing the publication and sale of all the data we have.
“P.S. Our team is negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands. We recommend Apple buy back the data by May 1. More and more files will be added every day.”
In an email, Brett Callow, British Columbia-based threat researcher for Emsisoft, said that because REvil is a criminal group, it would be a mistake to believe its claims. After all, they could be lying.
“That said, it would be somewhat unusual for a group to falsely claim there had been an attack. It’s hard to see how this would be in their interests.”