Thursday, 22 April 2021 11:20

Kaspersky comments on Apple Quanta REvil ransomware attack


Schematics for Apple's presumed 2021 MacBook designs, along with those of other tech companies that Quanta manufactures devices for, have been stolen in a ransomware attack by the REvil group, and a senior security researcher at Kaspersky explains what is going on.

Bloomberg and many other outlets have reported on the REvil attack on one of Apple's manufacturing partners, Quanta, along with reports that a demand of US $50 million has been made, although the Taipei Times says the ransom demand is US $100 million.

The hackers are publishing snippets of the information they've stolen in an attempt to convince Apple to pony up the cash, but given that it's never a good idea to negotiate with terrorists whose word cannot be trusted, it's unlikely we'll see Apple make any public response - or hand over any money.

Quanta itself issued a statement which reads: “Quanta Computer’s information security team has worked with external IT experts in response to cyber attacks on a small number of Quanta servers. We’ve reported to and kept seamless communications with the relevant law enforcement and data protection authorities concerning recent abnormal activities observed. There’s no material impact on the company’s business operation.”

Denis Legezo, senior security researcher at Kaspersky's Global Research and Analysis Team, has shared the following information:


What is REvil?

The REvil (also known as Sodin or Sodinokibi) ransomware has been known since 2019 and it can both encrypt data and steal it. It is distributed on specialised forums "by subscription" (ransomware-as-a-service).

Thus, two groups of attackers are involved in the attack: the first finds a breach in the protection of the organisation and injects REvil there, and the second creates the malware. After encryption or data theft, a ransom is demanded from the victim. And if successful, it is divided between these groups.

An interesting feature is that the malware does not start if certain languages are detected when checking the system language and existing keyboard layouts (this is a large set of dozens of layouts), including Russian.

How real is the threat made by the actors?

The threat is real and this is not the first high-profile incident that uses this malware.

What should Apple do in this situation? And how can they protect themselves if contractors are so easily hacked?

Unfortunately, purely technical protection measures are not enough - the contractor's protection perimeter is under their jurisdiction. Manufacturers are left to impose strict information security requirements for their suppliers, as well as, for example, impose legal sanctions for such violations.

How can information security services help in this case? Is the main task of information security teams to prevent such attacks?

The main task is to prevent the occurrence of such attacks in the future. In the aftermath of such attacks, it is important to conduct a comprehensive investigation of the incident, draw conclusions about the current vulnerabilities, and fix them (remove excessive use of RDP, especially without a VPN, and reduce the attack surface). Also, in our opinion, it is important to put in place effective monitoring, and to have an action plan in case such attacks occur.

Is this attack unique? How do you think it may affect the info security world?

Targeted ransomware attacks on large companies have become quite common, especially over the past few years. One specific attack, even on an organisation known worldwide, will not change the way things are operated.

But we hope that the reaction to this trend will include the introduction of information security events monitoring; complex cybersecurity systems, including for proactive detection of attacks; and enhanced training of employees around cybersecurity rules.

Alex Zaharov-Reutt

Alex Zaharov-Reutt, iTWire's Technology Editor, is one of Australia's best-known technology journalists and consumer tech experts. Alex has appeared in his capacity as technology expert on all of Australia's free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and on technology, lifestyle and reality TV shows.
