As Apple held its "Spring Loaded" event where it unveiled brand new iPad Pros, a redesigned iMac, and the long-awaited release of AirTags, one of its main MacBook suppliers was undergoing a ransomware attack worth $50 million.
As reported by Bloomberg, the ransomware group called REvil, publicly declared early on Tuesday that it had accessed the internal computers of Apple supplier Quanta Computer Inc, based in Taiwan. Through the attack, REvil managed to obtain 15 images/schematics of unreleased MacBooks which include "specific component serial numbers, sizes and capacities detailing the many working parts inside" of a MacBook, per documents and blog posts seen by Bloomberg.
While Quanta Computer, the supplier at the center of attacks, works with HP, Facebook, and other tech companies, the ransomware group is specifically targeting Apple. In its blog, the group is demanding that Apple pay an undisclosed ransom for the images/schematics they obtained via the supplier by May 1.
REvil is now attempting to shake-down Apple in its effort to profit off the stolen data. They've asked Apple to pay their ransom by May 1, as was first reported by Bleeping Computer. Until then, the hackers will continue to post new files every day, REvil said on its blog.
An Apple spokesperson declined to comment. However, Quanta Computer acknowledged the attack and said that it had no "material impact" on its business operations.
Quanta Computer’s information security team has worked with external IT experts in response to cyber attacks on a small number of Quanta servers,” the company said in a statement. “We've reported to and kept seamless communications with the relevant law enforcement and data protection authorities concerning recent abnormal activities observed. There's no material impact on the company’s business operation.
As a response to the ordeal, the supplier is bolstering its cybersecurity infrastructure. Ultimately, REvil, in a chat with Quanta during negotiations for the attack, said it had stolen and encrypted "all local network data" and that it will not give it up until the $50 million ransom is paid.
Apple famously takes the secrecy of unreleased products extremely seriously, and it's still not known how much confidential data the ransom group has obtained, and whether Apple will pay the ransom.
