Apple hit with $50 million ransom demand in attack against manufacturing partner

Apple has been indirectly hit with a ransomware attack. On April 20, the same day as its Spring Loaded event, Russian ransomware-as-a-service (RaaS) outfit REvil struck Taiwan-based Apple supplier Quanta’s servers, stealing numerous documents.
Quanta manufactures MacBooks and other Apple products. The Record notes the cache of data contained engineering and manufacturing documents related to Apple products, including schematics for a next-gen Macbook Pro. REvil demanded Quanta pay it $50 million to get the data back, but Quanta refused.

“Quanta Computer’s information security team has worked with external IT experts in response to cyberattacks on a small number of Quanta servers,” a spokesperson told Bloomberg. “[The hack poses] no material impact on the company’s business operation.”

Seeing it was getting nowhere with Quanta, REvil turned its demand to Apple directly, threatening to leak data every day until it paid the $50 million. In the first documents leaked was a schematic for an upcoming MacBook Pro model designated J316. XDA reports that it is a 16-inch complete redesign of the MacBook Pro.

The chassis design of the last few models has not changed much, but the J316 has a “renewed design language.” It appears more rounded and does not have the Touchbar. We have received conflicting reports on whether Apple would be ditching that feature or not. This document seems to confirm that feature is being abandoned.

The schematic also shows that the new MacBook Pro will have improved connectivity. An annoyance of current models is the necessity of adapters for things like HDMI and USB-A. The J316 partially fixes this problem, coming with one HDMI port, a USB-C/Thunderbolt port, and an SD card reader on the right-hand side. The left side has two USB-C/Thunderbolt ports. It also has a MagSafe connector indicating that MagSafe for Macs is making a comeback—another rumor seemingly verified.

Apple has not confirmed the validity of the documents, but images showed them marked with, “This is the property of Apple, and it must be returned,” with warnings not to reproduce, copy, or publish. While these could be easily faked with enough knowledge of Apple’s internal documentation, what cannot be fabricated is the formerly unknown design of the new iMacs. In addition to the J316 plans, the first leak also contained a schematic for the newly redesigned iMac, which Apple only revealed on Tuesday, the day of the attack. It appears to confirm that the documents are authentic.

REvil’s attack on Apple falls almost precisely one month after its record-breaking $50 million ransomware demand against Acer on March 19. It causes one to wonder if the group has plans for a May 19-20 attack.