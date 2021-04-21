Yesterday was a great day for Apple, with a presentation loaded with announcements and interesting news, but the event may turn out to be a haven of tranquility in what could be a rather unpleasant week for the technology company. As we can read on Happy Blog, the blog of the cybercriminal organization REvil, also known as Sodinokibi, the group has reportedly obtained complete manufacturing drawings for MacBook Air, MacBook Pro, and Apple Watch.

The leaked documents, more than 10 gigabytes according to REvil, come from the infrastructure of Quanta, a major manufacturer that is on Apple’s vendor list. By way of a security problem that has not been disclosed so far, the cybercriminals also reportedly managed to obtain plans for Lenovo’s ThinkPad Z60m, although at least in their initial communication they have focused on Apple’s assets.

It is important, at this point, to take into account the size of Quanta and the clients it works for. A selection from this list would include Apple, Dell, Hewlett-Packard Inc., Alienware, Amazon, Cisco, Fujitsu, Gericom, Lenovo, LG, Maxdata, Microsoft, MPC, BlackBerry Ltd, Sharp Corp., Siemens AG, Sony, Sun Microsystems, Toshiba, Verizon Wireless and Vizio. It is a top-tier list, but also a huge list of interests that could have been affected by this ransomware attack.

In the blog post, and presumably in the ransom note as well, REvil demands a payment of $50 million from Quanta with a deadline of April 27. In that first communication they state that if the deadline passes, the amount will increase to one hundred million. If both the name of the organization and the amount demanded sound familiar, it is because exactly a month ago today we reported that the same group had perpetrated an attack against Acer.

As we can read in Bleeping Computer, Quanta claims that it is trying to recover the lost data and mentions that there was little impact on its operations, which suggests that the attack could have been detected before all the data was encrypted. However, it is likely that the exfiltration of assets was completed, and that the possibility of leaking or selling all the documents obtained is REvil's main source of pressure.

And the problem for Quanta is that, unlike what happened in cases like Acer’s, it is not its own information, but that of its clients, for now Apple and Lenovo. It is not the intellectual property of the provider, but that of the companies that use its services, which is seriously compromised and which may end up in the hands of the highest bidder. What to do is a decision that Apple, Quanta, Lenovo and any other company that may have been affected by the leak will have to participate in.

This is the full text of the REvil blog:

In order not to wait for the next Apple presentations, today we, the REvil group, are going to provide data on the upcoming releases of the company so loved by many. Tim Cook can say thank you to Quanta. For our part, a lot of time has been dedicated to solving this problem. Quanta has made it clear to us that it does not care about the data of its customers and employees, thus allowing the publication and sale of all the data we have.

P.S.

Our team is negotiating the sale of large amounts of confidential drawings and gigabytes of personal data with several major brands.

We recommend that Apple purchase available data before May 1.

More and more files will be added every day.

They are in PDF format.

Below this text we find 20 images from the leak, all of them directly related to Apple. At first 12 were published, which shows that the threat of increasing the number of published documents is being carried out. We will have to wait to see what happens in the next few days, and whether Quanta, Apple or some other affected company publishes updated information on how this unpleasant incident is settled.