Ransomware Attack by REvil on Apple, Demands $50 Million

 

While Apple was preparing for the 'Spring Loaded' event that went live on Tuesday, 20th April, the company was asked for a settlement to prevent data on its next-generation equipment from being leaked. The REvil group, also known as Sodinokibi, said that it had been able to access the computer network of Apple supplier Quanta Computer and has requested, via the dark web, $50 million to decrypt its systems. Quanta Computer is a major supplier of the MacBook Air and MacBook Pro.

The operator of REvil published a post on its dark web site, which goes by the name 'Happy Blog', claiming that Quanta Computer was the target of a ransomware attack.

Although the hacker group initially tried to negotiate an agreement with the company, it allegedly posted details of upcoming Apple devices before the Spring Loaded event after Quanta Computer refused to pay the ransom, according to a blog post.

The hackers shared schematics, some of which seemingly matched the current iMac, along with some details of new versions. The ransomware operator warned Apple to buy back the existing data by 1st May to avoid further leaks. Until Apple gives in, the hackers threaten to post new files to their site each day. The group also said that it is dealing with many big suppliers on the sale of large amounts of classified drawings and gigabytes of personal information.

“Quanta Computer's information security team has worked with external IT experts in response to cyberattacks on a small number of Quanta servers,” a Quanta Computer spokesperson stated. “We've reported to and kept seamless communications with the relevant law enforcement and data protection authorities concerning recent abnormal activities observed. There's no material impact on the Company's business operation.” 

The representative further stated that the information security defense system was triggered instantly while a comprehensive inquiry was performed. The company also said that its cybersecurity level has been revamped and its current infrastructure improved.

Quanta also said that it was working on the issue with law enforcement and data protection authorities.

Electronics Giant Acer Hit by $50 Million Ransomware Attack

 

The ransomware gang known as ‘REvil’ stole confidential files from computer giant Acer and demanded an unprecedented ransom of US$50 million. The group also posted online images of allegedly stolen spreadsheets, bank balances, and bank texts, in order to prove their claims of having hacked into the Taiwan company’s network.

According to security researchers, hackers may have exploited a Microsoft Exchange vulnerability to gain entry into the company’s network. The $50 million demanded of Acer is the largest ransom demand ever to become publicly known, Callow said, larger than the $42 million REvil wanted from celebrity law firm Grubman Shire Meiselas & Sacks, which counted Nicki Minaj, Mariah Carey, and LeBron James among its clients.

When asked about the situation, Acer wouldn’t admit that it was a ransomware attack, only telling Bleeping Computer in a statement that it has “reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.” In response to a request for further details, Acer replied, “there is an ongoing investigation and for the sake of security, we are unable to comment on details.”

According to The Record’s report, Acer’s name appeared on the REvil ransomware group’s list of companies that do not pay extortion fees. With the help of malware intelligence analyst Marcelo Rivero, The Record managed to track down the gang’s other dark web portal, which clearly displayed the $50 million ransom the gang demands from Acer and the online chat the gang was using to communicate with the company’s representatives.

Before the attack, Advanced Intel’s Andariel cyberintelligence platform detected that the REvil gang had recently targeted a Microsoft Exchange server on Acer’s domain and used the ProxyLogon vulnerability to install its ransomware.