
REvil Group’s newest tactic? If you try to extort a business and they won’t pay you, start extorting their customers.

SAN RAFAEL, CALIFORNIA – On Tuesday, Apple revealed its sparkling new iPads and iMacs. Unfortunately for the tech giant, the good vibes didn’t last long. Russian hacking group REvil executed a successful ransomware attack on one of Apple’s top MacBook manufacturers, and is now holding both Apple and the Taiwanese manufacturer, Quanta, hostage with a $50M ransom demand. Hackers got into Quanta’s system via the Microsoft Exchange Server vulnerabilities, which Evolve warned of last month.

As proof of the attack, REvil posted 15 screenshots of proprietary MacBook blueprints on the dark web, and has threatened to leak new data every day until either Apple or Quanta pays the record-tying ransom demand of $50M. That is the same amount REvil demanded in its attack on Acer in March.

A New Twist to Ransomware

Ransomware criminals have historically only extorted the primary attack victim, not their customers. REvil’s extortion of Apple after failing to get Quanta to pay is a new tactic.

Per Dmitry Smilyanets, Recorded Future’s threat intelligence analyst: “This is a new approach in the double extortion name-and-shame technique, where the threat actor engages with the affected third parties after the unsuccessful attempt to negotiate ransom with the primary victim.”

Other potential victims?

REvil appears to be targeting Apple because of its recent product release, but it should be noted that the Quanta attack may impact many companies beyond the creators of the MacBook and iPhone.

The criminals released a list of other Quanta customers, including Dell, Hewlett-Packard Inc., Alienware Inc., Amazon.com Inc., Cisco Systems Inc., Fujitsu Ltd., Gericom, Lenovo Group Ltd., LG Electronics Inc., Maxdata, Microsoft Corp., MPC, Blackberry Ltd., Sharp Corp., Siemens AG, Sony Group Corp., Sun Microsystems Inc., Toshiba Corp., Verizon Wireless and Vizio Inc.

How does Evolve help policyholders prevent these attacks?

Traditional anti-virus and threat-detection platforms scan your computer and/or network for files that may contain malware. And they do a good job of that.

The issue is that in these types of attacks, the attackers care just as much (or more) about stealing files as they do about encrypting them. The answer? Data exfiltration detection, like that offered by Evolve’s newest risk management provider, BlackFog.

BlackFog detects data leaving your network, which enables it to spot ransomware threats before competitors do. All Evolve policyholders receive access to BlackFog as part of our complimentary policyholder risk management suite (valued at $6,500+).
