Action has been taken by the US Department of Justice following a claim by the infamous REvil (Sodinokibi) group that it has stolen Apple trade secrets via a supplier. This has immediately resulted in the launch of a new ransomware task force.
The Resident REvil
A post by the REvil group appeared on its dark-web shaming site claiming to have compromised a network operated by Taiwanese supplier Quanta Computer. Following the firm’s refusal to meet the ransom demand of $50m, REvil then put pressure on Apple by posting screenshots of MacBook schematics alongside a threat of further attacks. It is also believed that other firms could be affected.
According to The Record, REvil operators wrote that their team was negotiating the sale of large quantities of confidential personal data and drawings with several major brands, and further demanded that Apple buy back the available data before May 1st.
As of right now, it is unclear what amount REvil is demanding for the safe return of the data. What is clear is that this particular extortion attempt is a further disturbing development in the overall ransomware story, and there is no clarity on whether the group holds schematics for unreleased products.
The prime goal of the new ransomware task force is to tackle this threat directly through coordinated efforts with federal governments.
The aims include disrupting C&C infrastructure, seizing profits, coordinating training and sharing intelligence, among other measures. Whilst the department has already taken many significant steps to combat cybercrime, the task force adds coordination with all authorities and the ability to bring full resources to bear on this growing threat, cutting the problem off at the root.
A Sudden Silence
Following this development, the original posts have been removed from REvil’s naming-and-shaming site, and no further extortion attempts have been reported or made public. Given REvil’s notoriously unsympathetic extortion model, removing all mention of the attack is highly out of the ordinary.
REvil is a Russian-speaking cybercrime outfit that has claimed over $100m per year from successful ransom demands, with an estimated $2bn in total from its attacks on businesses.
In 2020, a total of over 2,400 ransomware incidents were reported to the Federal Bureau of Investigation, as documented in its annual cybercrime report.