Apple, victim of ransomware attack: attackers demand $50 million not to reveal secret product designs




Ransomware is one of the fastest growing attacks in the past year

Apple has been affected by a ransomware attack: cybercriminals are demanding $50 million for the return of stolen confidential information that has already started leaking online. How did it happen? Servers belonging to Quanta, the company that makes MacBooks and other products for the computer giant, were breached, and the attackers stole images of designs for computers and other devices that the company produces.

The leak was carried out by REvil, a hacker group of Russian origin also known as Sodinokibi, as reported by the specialist outlet The Record.

In a message posted to a dark web portal, REvil said Quanta had refused to pay to recover the stolen data, so the group has now decided to go after Apple. The hacker group released 21 screenshots showing MacBook schematics and threatened to release new data every day until Apple or Quanta pays the demanded ransom.

The group began posting the stolen images on April 20, the same date on which Apple's Spring Loaded event was held. The group says it will continue to publish content gradually and will disclose the stolen information on 1st May if it does not get the money. It also hinted that other businesses could be affected, since many companies use Quanta's services.

They stole confidential data from the company Quanta which makes equipment for Apple (REUTERS / Mike Segar)

“Our team negotiates the sale of large quantities of confidential designs and gigabytes of personal data with various big brands,” the hijackers wrote.

For its part, Quanta confirmed that there had been an attack on a “small amount of servers” and gave assurances that there was not “a significant impact on the company’s business operations”, as reported by Bloomberg.

The leaked files so far include manufacturing diagrams for the already released MacBook Air 2020 M1 update, the new iMac released two days ago and a laptop that has not yet been released, among other confidential information.

REvil quickly became known for a string of high-profile attacks, like the ones it carried out against Acer or the Argentine Road Safety Agency last year. In fact, REvil is one of the most active ransomware groups of the past year, along with Ryuk, Maze, Doppelpaymer, Netwalker and Conti, according to data from Eset.

How ransomware is distributed

It is not clear exactly how the attackers got into Quanta's servers, but the possible scenarios can be analyzed by looking at how this type of attack is typically carried out.

The main vector, or gateway, for this type of attack involving the exfiltration and theft of information is the use of RDP, which stands for Remote Desktop Protocol. RDP allows a user to remotely access a computer that is located elsewhere. The use of this technology expanded significantly during the pandemic, when remote working was implemented.

“According to a talk given at the RSA conference in February 2020 by FBI agent Joel DeCapua, RDP is the number one vector used to compromise businesses with ransomware: over 80% of successful ransomware attacks were carried out by breaching the network through brute-force attacks on RDP credentials and then, at some point, running the ransomware,” the WeLiveSecurity cybersecurity blog pointed out.

On other occasions, attackers gain access by exploiting vulnerabilities in tools or technologies used for remote access to Windows networks. In other cases, although to a lesser extent, ransomware is distributed through botnets, where other malware downloads it.

Over the past year an increase in targeted attacks has been observed, that is, attacks aimed at particular victims, usually companies that the attackers believe may be willing to pay a large ransom to prevent the dissemination of critical and confidential information.
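
The brute-force pattern against RDP credentials described above leaves a recognizable trail in Windows logon events. As an added example that is not part of the original article, the Python code below flags source addresses with bursts of failed logons and escalates when a successful logon follows; the log lines are constructed and simplified, and the threshold, time window and the treatment of logon types 3 and 10 as RDP are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed, simplified records (not real logs), in chronological order:
# timestamp, Windows Security event ID, logon type, source IP, account.
# 4625 = failed logon, 4624 = successful logon.
SAMPLE_EVENTS = """\
2024-01-15T02:10:01 4625 3 203.0.113.50 administrator
2024-01-15T02:10:09 4625 3 203.0.113.50 admin
2024-01-15T02:10:17 4625 3 203.0.113.50 administrator
2024-01-15T02:10:26 4625 3 203.0.113.50 backup
2024-01-15T02:10:34 4625 3 203.0.113.50 administrator
2024-01-15T02:10:41 4625 3 203.0.113.50 administrator
2024-01-15T02:11:02 4624 10 203.0.113.50 administrator
2024-01-15T08:55:12 4625 10 198.51.100.7 jdoe
2024-01-15T08:55:40 4624 10 198.51.100.7 jdoe
2024-01-15T09:00:00 4625 3 192.0.2.9 svc
2024-01-15T11:00:00 4625 3 192.0.2.9 svc
2024-01-15T13:00:00 4625 2 192.0.2.9 svc
"""

# Assumption: 10 = RemoteInteractive (RDP session), 3 = Network logon, which is
# how failed RDP attempts usually appear when Network Level Authentication is on.
RDP_LOGON_TYPES = {"3", "10"}

def detect_rdp_bruteforce(text, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: 'bruteforce' | 'bruteforce_then_success'}."""
    recent = defaultdict(deque)  # source IP -> timestamps of recent failures
    findings = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] not in RDP_LOGON_TYPES:
            continue  # skip malformed lines and non-remote logon types
        ts, event_id, ip = datetime.fromisoformat(parts[0]), parts[1], parts[3]
        if event_id == "4625":
            fails = recent[ip]
            fails.append(ts)
            while ts - fails[0] > window:  # drop failures outside the window
                fails.popleft()
            if len(fails) >= threshold:
                findings.setdefault(ip, "bruteforce")
        elif event_id == "4624" and ip in findings:
            # A success from an address already flagged is the case to triage first.
            findings[ip] = "bruteforce_then_success"
    return findings

if __name__ == "__main__":
    print(detect_rdp_bruteforce(SAMPLE_EVENTS))
```

The single mistyped password from 198.51.100.7 and the slow, widely spaced failures from 192.0.2.9 stay below the default threshold, which shows why the window and threshold need tuning against normal user behaviour.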
