According to a post shared on its “Happy Blog” portal, the threat actor claimed it hacked the systems of the Taiwanese company to acquire schematics of its products, accusing Quanta of not being willing to pay for the stolen blueprints to be recovered.
The REvil operators said their team is negotiating the sale of huge amounts of individual data, including drawings and gigabytes of photos, with several major companies.
“We recommend Apple buy the data back by May 1,” they stated. In a new development in the double extortion game, a ransomware cartel is attempting to negotiate a ransom with a secondary victim in order to circumvent the primary victim.
The REvil Group and Ransomware:
Since its first detection in June 2019, REvil has become one of the most prolific ransomware-as-a-service (RaaS) groups, and was the first to employ a technique called “double extortion,” which has been adopted by other groups to maximize profits.
To secure payment, the extortionists mainly publish a handful of files stolen from their extortion targets before encryption, threatening to release more if the ransom demand is not met.
The main actor associated with promoting and advertising REvil on Russian cybercrime forums is named Unknown, aka UNKN.
The ransomware operates as an affiliate service, using corporate network breaches to spread the malware while the core developers maintain the malware and payment infrastructure.
Affiliates usually receive between 60% and 70% of a ransom payment.
Ransomware operators made more than $350 million in 2020, a 311% increase from the previous year, according to Chainalysis, a blockchain analysis company.