Apple supplier Quanta Computer confirms it's fallen victim to ransomware attack

Quanta Computer, an ODM laptop manufacturer and prolific Apple supplier, has now confirmed that digital burglars broke into its systems.

In a statement provided to Bloomberg, Quanta said: "Quanta Computer's information security team has worked with external IT experts in response to cyber attacks on a small number of Quanta servers.

Although Quanta didn't go into the finer details, other than to say it has contacted local law enforcement, earlier today ransomware gang REvil said it was culprit, and is "negotiating the sale" of data captured in the attack "with several major brands"

On the group's ironically named "Happy Blog" where it names and shames victims, REvil claimed to have deployed ransomware and obtained confidential blueprints for unreleased Apple products.

REvil has since started publishing some of these blueprints, including one design for a MacBook dated March 2021. The last laptop released by Apple was in November, suggesting this could be from an upcoming device.

This slow-drip tactic is designed to pressure victims (in this case Quanta, but also by extension Apple) to give into the attackers' demands. REvil has demanded 123,028 of the Monero cryptocurrency (£37m, $50m) to delete its stolen files and decrypt locked systems.

This is a similar amount to the ransom initially levied at Acer by a REvil affiliate following its intrusion into the PC maker's networks. If Acer refused to agree to their terms, REvil said the ransom would increase to $100m. This sum is equivalent to REvil's annual revenue, according to an analysis of an interview with the group published by threat intel firm Flashpoint Intel.

• REvil ransomware gang claims it stole top-secret tech designs – including Apple lappies – from Quanta Computer
• Brit college forced to shift all teaching online for a week while it picks up the pieces from ransomware attack
• Sodinokibi/REvil ransomware gang pwns British housing biz via suspected phishing attack
• REvil ransomware gang publishes 'Elexon staff's passports' after UK electrical middleman shrugs off attack

The timing of REvil's public statements also coincide with Apple's latest launch event, where it introduced an updated iPad Pro, the long-awaited AirTags gadget trackers, and the first Apple Silicon iMac.

It's not yet known whether the attackers obtained documents for other Quanta clients. In addition to Apple, the Taiwanese firm manufactures devices on behalf of HP, Facebook, and Google, to name but a few.

As noted in our earlier coverage of this story, REvil also published the schematics for the IBM ThinkPad Z60m – a laptop pre-dating the acquisition of IBM's hardware division by Lenovo, hailing from 2006.

Monero has proven increasingly popular with cybercriminals due to its privacy-focused design that inhibits any real forensic accounting. Whereas Bitcoin transactions are publicly viewable on the blockchain ledger, allowing third-parties to monitor payments and amounts, Monero's design effectively decouples the user's personal wallet from the wallet where funds are sent, which is known as a "stealth address".

Additionally, Monero contains measures designed to obfuscate the source of a transaction. This approach, called "Ring Signatures", effectively bundles decoy spends of the equivalent value alongside the real one, making it impossible for an outside observer to determine the real source of funds.

In March, Monero transaction volumes surpassed that of Bitcoin – although this isn't necessarily indicative of increased activity by malicious actors, given the former's popularity as a "store of value" rather than a coin for day-to-day spending.

Nonetheless, several figures in the security space have sounded the alarm about Monero's rise, most notably former acting CIA director Michael Morell, who cited its growing adoption by darknet markets and ransomware groups. ®