REvil Removes Apple Extortion Attempt from Site: Report

A ransomware group that claimed to have Apple trade secrets in its possession after compromising a supplier has reportedly deleted all mention of the extortion attempt from its dark web site.

It emerged last week that the notorious REvil group had managed to steal some schematics for Macbooks from one of Apple’s main manufacturing partners, Quanta Computer.

Reports claimed that, as the Taiwanese firm refused to pay a $50 million ransom to get the stolen data back, REvil approached Apple instead.

“Our team is negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands,” the REvil operators reportedly wrote at the time. “We recommend that Apple buy back the available data by May 1.”

It was unclear how much the group was hoping to extort from the US tech giant, but a new report from MacRumors claims that all mention of the blackmail attempt has been removed from the REvil “naming and shaming” site used for such purposes.

As the report clarified, no additional extortion threats were made public since the original demand last week.

REvil is not known for its compassion, so it would seem strange that it decided to take such unilateral action without good reason.

Like all ransomware threat groups, REvil (aka Sodinokibi) is motivated by one thing: greed. The Russian speaking cyber-criminals claimed last October to have made $100 million in a single year and that they want to earn as much as $2 billion from their activities.

With more Quanta Computer clients at risk from similar extortion schemes, it may well be on track for just such a total.

There were over 2400 ransomware incidents reported to the FBI last year, according to the agency’s latest cybercrime report.