REvil operates a ransomware-as-a-service business, which offers material support to other “affiliates” who handle the technical details of the attack. With a May 1 deadline for Apple to pay $50 million, it looks like the stakes have been ramped up substantially. Last fall the person claiming to be the group’s leader said it expected to make $100 million by the end of 2020. Recorded Future said someone claiming to be the group’s spokesperson hinted last Sunday on a forum that the group was prepping for its “loudest attack ever.” And REvil is definitely growing. REvil clearly understood the significance of the leak’s timing. “They’re notoriously known for leaking data if their demands aren’t met.”

REvil’s Maximum Pressure on Apple

“The REvil ransomware gang doesn’t make false promises,” observed Ivan Pittaluga, CTO of enterprise security firm ArcServe, in an email to Threatpost. Indeed, REvil is not known for messing around; if the group says it has documents from victims and that it will post them, it generally will, given previous experience. Now REvil said it wants $50 million by May 1 from Apple to give the files back.
These events, formerly led by Apple founder Steve Jobs, have become integral to the brand, and are presented with big hype and fanfare from Cupertino. “From our side, a lot of time has been devoted to solving this problem.” “In order not to wait for the upcoming Apple presentations, today we, the REvil group, will provide data on the upcoming releases of the company so beloved by many,” according to REvil’s blog post, the report said. The company took the wraps off a host of new products at the event. In an added stroke of criminal ingenuity to ratchet up the pressure to pay, REvil decided to start leaking the ripped-off files just hours before Apple’s Spring Loaded event on Tuesday, including schematics for some new iMacs it debuted there. Once Quanta refused to pay to get the files back, REvil started leaking a set of blueprints for some products to turn up the pressure, adding that more would be leaked every day the ransom went unpaid. REvil was able to breach the Quanta servers, steal the files and hold them for ransom, according to a statement posted on its dark web site, dubbed the “Happy Blog,” in which it said Quanta refused to pay the original ransom for the attack, according to a published report. Most gangs either focus on smaller targets and use blogs to increase public pressure on their victims to pay or are "big game hunters" that target larger corporations for huge payouts but don't publicize the acts, allowing the companies to save face. While ransomware attacks have become increasingly common in recent years, the extortion attempt against Apple is the rare case in which a ransomware gang targets and publicly taunts a major American brand.
law enforcement agencies closely track the hackers behind the ransomware gangs, the organizations tend to operate in countries that don't extradite to the U.S., particularly Russia, law enforcement agents say, making it essentially impossible to physically stop them unless the hackers travel internationally.
The hackers, who posted the extortion letter and three sample technical files to their blog on the dark web, are among more than a dozen prolific cybercrime organizations that in recent years have steadily hacked targets around the world, encrypting victims' files or threatening to publish them and demanding ransom, usually in bitcoins.
The Taiwanese company that was hacked, Quanta, makes a range of computer products, including the Mac Pro.