Last Week’s Stolen Apple Schematics Have Mysteriously Vanished

It looks like Apple’s recent problem with a ransomware extortion threat may have just quietly gone away.

Last week, Apple became the target of a massive ransomware attack by the Russian hacking group REvil, which had managed to steal schematics of several unreleased Apple products from Apple’s Taiwan-based supplier Quanta.

The group was holding these documents hostage and threatening to release them publicly unless they received $50 million in ransom.

Although REvil originally went after Quanta, when that failed to garner any results, they changed the focus to Apple, presumably figuring that the $2 trillion company would easily pay up a mere $50 million.

The REvil gang has previously made similar threats after stealing confidential data from other manufacturing companies — most recently demanding $50 million from Acer — however this actually represents the first time it changed its approach to publicly demand a ransom from the victim’s customer — in this case, Apple.

Of course, Apple isn’t about to negotiate with a hacking group like this, but to show it was serious, the group released 21 screenshots of MacBook schematics last week on April 20 — a date that was clearly intended to coincide with Apple’s Spring Loaded event.

According to its post on the dark web, REvil claimed to have obtained schematics on the Apple Watch, MacBook Air, MacBook Pro. It also listed Lenovo’s ThinkPad Z6om, although the post was directly very specifically at Apple, going so far as to suggest that Tim Cook could “say thank you Quanta” for allowing these schematics to leak out and not acquiescing to the ransom demands.

Tim Cook can say thank you Quanta. Quanta has made it clear to us that it does not care about the data of its customer and employees, thereby allowing the publication and sale of all data we have.

REvil

However, while REvil threatened to disclose information pertaining to Apple’s new product announcements last week, it clearly didn’t know enough about Apple’s plans, nor did it have any relevant schematics. The 21 images that were leaked included MacBook schematics, however Apple has yet to actually announce any new MacBook models. Still, they did provide some useful insight into what’s eventually coming, seemingly confirming previous rumours that Apple plans to add more ports to this year’s models.

Problem Solved?

The hacker group originally claimed that it would continue to release more schematics “every day” until Apple paid the ransom, adding that it “recommend[s] that Apple buy back the available data by May 1” — although it doesn’t go so far as to say what would happen if it didn’t.

Despite this, however, no additional stolen documents have since appeared, and now, for reasons we can only speculate upon, it looks like the problem has mysteriously disappeared. As discovered by MacRumors, all references related to the extortion attempt have been removed entirely from REvil’s dark web blog.

It’s an interesting development coming from a hacking group that isn’t traditionally known for bluffing, and has already proven several times that it will follow through on its threats. The group hasn’t disappeared either, since it continues to try to extort money from other companies.

Naturally, Apple hasn’t made any comment on the breach, and we probably shouldn’t expect one. However, even in the extremely implausible event that Apple paid the ransom, it seems highly unlikely that REvil would be quiet about that, since of course it would just add more credibility to what they had obtained, and more weight to future threats.

So, at this point it’s hard to say exactly what’s going on here, although it certainly sparks one’s imagination as to how Apple may have dealt with the problem — especially on the heels of Tim Cook’s “Mission Implausible” stunt during last week’s Apple event.