Apple supplier is the latest target of a $50 million ransomware hack

The attackers are threatening to leak blueprints.

Devindra Hardawar/Engadget

The REvil ransomware gang has found a fresh target. BleepingComputer and Bloomberg report the group is threatening Apple after one of the tech giant's key MacBook suppliers, Quanta, allegedly refused to pay a $50 million ransom following a hack targeting its systems. The attackers disclosed their efforts alongside Apple's spring event, after Quanta reportedly signaled that it wouldn't pay by the April 27th deadline, and leaked what appeared to be component schematics for a MacBook design from March.

REvil said it would hike the demand to $100 million if Quanta didn't pay by the specified date. It claimed to have "all local network data" from the contract manufacturer, although it's not clear how much it really has.

In a statement to Bloomberg, Quanta acknowledged hacks targeting a "small number" of servers and said it had been in touch with data protection agencies and law enforcement. The company added that there was "no material impact" on business, although it didn't say whether or not it planned to pay the ransom. Apple declined to comment.

The hacking team targeted the money transfer service Travelex at the start of 2020, and just recently tried to extort $50 million from Acer in a similar ransomware campaign. It also attacked companies like Asteelflash and Pierre Fabre for smaller amounts topping out at 'just' $25 million. The high demands may be a negotiation tactic, researchers told BleepingComputer — REvil can still walk away with huge sums if it agrees to a lower payout.

Whether or not Apple and Quanta concede, the incident illustrates the growing ambitions of ransomware groups. In addition to high-profile companies, they've held city governments for ransom and otherwise left organizations scrambling to either pay millions or risk significant damage. Don't expect the perpetrators to be caught any time soon, either. Besides covering their tracks (such as by operating on the dark web), they frequently operate in Russia (as REvil does) or other countries that don't always crack down on hackers targeting foreign entities.