fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

REvil Gang Tries To Extort Apple, Threatens To Sell Stolen Blueprints

REvil Gang Tries To Extort Apple, Threatens To Sell Stolen Blueprints

The REvil ransomware gang asked Apple to “buy back” stolen product blueprints to avoid having them leaked on REvil’s leak site before today’s Apple Spring Loaded event.

The ransomware gang wants Apple to pay a ransom by May 1st to prevent its stolen data from being leaked and added that they are also “negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands.”

REvil tried to extort Apple only after Quanta Computer, a leading notebook manufacturer and one of Apple’s business partners, refused to communicate with the ransomware gang or pay the ransom demanded after they allegedly stole “a lot of confidential data” from Quanta’s network.

Quanta is a Taiwan-based original design manufacturer (ODM) and an Apple Watch, Apple Macbook Air, and Apple Macbook Pro maker. 

Quanta has a long list of high-profile customers, including Apple, Dell, Hewlett-Packard, Alienware, Lenovo, Cisco, and Microsoft.

Based on the number of ODM laptop units sold, Quanta is the world’s second-largest original design manufacturer of laptops, only behind Compal who was also targeted by ransomware last year. 

According to the Tor payment page shared with BleepingComputer, Quanta has to pay $50 million until April 27th, or $100 million after the countdown ends.

Quanta  ransom note
Quanta ransom demand

Also Read: 4 Considerations In The PDPA Singapore Checklist: The Specifics

So far, REvil leaked over a dozen schematics and diagrams of MacBook components on its dark web leak site, although there is no indication that any of them are new Apple products.

In a negotiation chat on REvil’s payment site seen by BleepingComputer, REvil warned that “drawings of all Apple devices and all personal data of employees and customers will be published with subsequent sale” if Quanta did not begin negotiating a ransom.

After that time frame expired, REvil published the schematics on their data leak site.

Quanta payment page chat
Quanta payment page chat

REvil is a ransomware-as-a-service (RaaS) operation known for recruiting affiliates to breach corporate networks, steal unencrypted data, and encrypt devices.

Once a ransom payment is made, the REvil core developers and the affiliates split the payment, with the affiliates generally getting the larger share.

REvil has been on a hacking spree over the last month, demanding extremely high ransom demands in attacks targeting Acer ($50 million)Pierre Fabre ($25 million), and Asteelflash ($24 million)

Cybersecurity researchers have told BleepingComputer that they believe REvil has been making extremely high demands to start at a higher negotiation price.

“Quanta Computer’s information security team has worked with external IT experts in response to cyber attacks on a small number of Quanta servers,” a Quanta spokesperson told BleepingComputer.

“We’ve reported to and kept seamless communications with the relevant law enforcement and data protection authorities concerning recent abnormal activities observed. There’s no material impact on the Company’s business operation.

“The information security defense mechanism was activated in no time while conducting a detailed investigation to ensure containment and recovery of data are in process and a small range of services impacted by the attacks were brought back to normal.

Also Read: The 3 Main Benefits Of PDPA For Your Business

“Consequently, we upgraded the level of cybersecurity by reviewing and enhancing current infrastructure for information security and protection.”

An Apple spokesperson was not available for comment when contacted by BleepingComputer earlier today.

Update: Added statement from Quanta.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us