Apple supplier Quanta hit with $50 million ransomware attack from REvil

Hackers claim to have infiltrated the networks of Quanta Computer Inc., which makes MacBooks and hardware for HP, Facebook and Google.


Ransomware group REvil claimed in a blog post published on Tuesday to have stolen blueprints for Apple’s latest products. On the same day, Apple CEO Tim Cook announced multiple new products at an online event.

Quanta Computer Inc. acknowledged the attack in a statement made to Bloomberg, stating that the company’s information security team worked with external experts to deal with cyber attacks on a small number of servers. The company also told Bloomberg that there has been no material impact on business operations. 

The company makes MacBooks for Apple. According to Bloomberg’s report, by the time the online event ended Tuesday afternoon, REvil had posted plans for a new laptop, including images of what looks like a MacBook designed in March 2021. REvil demanded $50 million for the decryption key, according to a chat-room transcript reviewed by Bloomberg.

Lior Div, CEO of Cybereason and an expert in hacking, forensics, reverse engineering, malware and cryptography, said that the attack is a direct challenge to the Biden administration from Russia. 

“When the largest U.S. supplier of consumer technology and products is hit by this type of attack, the message from Russia to Western companies and governments is loud and clear: We can control you,” Div said. “Russia is telling the United States that it can steal our blueprints and our IP—and that these types of attacks will continue bigger than ever with higher ransom demands.”


Div previously was a commander in the Israeli Unit 8200, a cybersecurity and intelligence team that is part of the Israel Defense Forces. He also sees this attack as the latest example of how fragile the supply chain is and how hard it is to secure.

“Russia, China, North Korea, and other nation-state adversaries are utilizing cyberspace precisely because it gives them an asymmetrical advantage where they can do more damage to the U.S. than the U.S. can do to them for two reasons,” he said. “One, we have more assets online, and two, we follow rule of law and they do not.”

The Biden administration announced on Tuesday plans to protect the country’s electric system from cyber attacks. The 100-day initiative will be a collaboration between government agencies and private companies. The initiative encourages owners and operators of power plants and electric utilities to improve their capabilities for identifying cyber threats to their networks. It includes concrete milestones for them to deploy technologies that let them spot and respond to intrusions in real time.

Last month REvil demanded a ransom of $50 million from Acer. As Jonathan Greig reported, Acer refused to confirm or deny the attack, saying companies like it “are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.”
