Skip to main contentSkip to navigationSkip to navigation
Print subscriptions
Sign in
Search jobs
Search
The Guardian - Back to homeThe Guardian
‘We recommend that Apple buy back the available data by 1 May,’ the hackers have said.
‘We recommend that Apple buy back the available data by 1 May,’ the hackers have said. Photograph: Ritchie B Tongo/EPA
‘We recommend that Apple buy back the available data by 1 May,’ the hackers have said. Photograph: Ritchie B Tongo/EPA

Ransomware hackers steal plans for upcoming Apple products

This article is more than 3 years old

Group behind REvil ransomware claims stolen files include plans for two laptops and a new Apple Watch

Apple is facing a ransomware demand after a group of cybercriminals stole confidential plans for the company’s upcoming products from a supplier.

The “Sodin” group, which makes and runs a piece of ransomware called REvil, says it stole the plans from Quanta Computer, a Taiwanese company that assembles a number of Apple laptops.

Like normal ransomware, REvil encrypts victims’ files and demands payment to receive the encryption key and recover the data. But Sodin has gone one step further, attempting to steal the files themselves and extort payment from those who have backups by threatening to publish confidential data.

According to a statement posted on the criminals’ dark web site – which they call the “Happy Blog” – Quanta refused to pay the ransom, leading the hackers to begin threatening the company’s customers.

“In order not to wait for the upcoming Apple presentations, today we, the REvil group, will provide data on the upcoming releases of the company so beloved by many,” the blog says. “Tim Cook can say thank you Quanta. From our side, a lot of time has been devoted to solving this problem.”

The hackers claim that among the stolen documents are plans for a pair of Apple laptops, a new Apple Watch and a new Lenovo ThinkPad. To back up their assertions, they have posted a set of blueprints for some products, including schematics for the new iMacs that the company launched on Tuesday.

Apple launches new iMac, iPad Pro, AirTags and Podcast subscriptions
Read more

The ransomware demand was initially posted just hours before the company’s launch event, and the hackers say they will release more documents every day, adding: “We recommend that Apple buy back the available data by 1 May.” A similar extortion attempt from the same group, aimed at Acer, demanded $50m in exchange for deleting the files.

Already, internet users have begun to pore over the details of the leaks, noting differences with the current models on sale: a new version of the MacBook Pro is shown without the company’s controversial “Touch Bar”, for instance, and a potential return of HDMI ports, SD card readers and MagSafe connectivity to the machine.

Apple did not respond to a request for comment.

Explore more on these topics
Share
Reuse this content

More on this story

More on this story

  • No 10 tells MPs to be cautious about unsolicited messages after attempted ‘honeytrap’

  • At least a dozen Westminster insiders targeted in WhatsApp phishing attack

  • Hackers obtain patient data from NHS Dumfries and Galloway

  • Western governments struggle to coordinate response to Chinese hacking

  • Foreign Office summons senior Chinese diplomat over ‘malicious cyber activity’

  • US and UK unveil sanctions against Chinese state-backed hackers over alleged ‘malicious’ attacks

  • Tory MPs urge tougher action on China after cyber-attacks

  • A Chinese ‘wolf warrior’ impersonated me, says Iain Duncan Smith

  • UK ‘slow to hold China to account’ for cyber-attacks against MPs and voters

  • Details of millions of UK voters accessed by Chinese state, ministers will say

Most viewed

Most viewed