A hacker gang has stolen files from a company that manufactures Apple products and is openly trying to extort the tech giant in exchange for not leaking them.
Apple declined to comment on whether it intended to pay, but the hackers’ extortion letter to the company remained online Thursday night.
The company that was hacked, Quanta, is a Taiwanese manufacturer that makes a range of computer products, including the Mac Pro.
The hackers, who posted the extortion letter and three sample technical files to their blog on the dark web, are among more than a dozen prolific cyber-criminal organizations that in recent years have steadily hacked targets around the world, encrypting victims’ files or threatening to publish them and demanding a ransom, usually in bitcoin.
Though U.S. law enforcement closely tracks the hackers behind the ransomware gangs, the organizations tend to operate in countries that don’t extradite to the U.S., particularly Russia, law enforcement agents say, making it essentially impossible to physically stop them unless the hackers travel internationally.
While ransomware attacks have become increasingly common in recent years, the extortion attempt against Apple is the rare case where a ransomware gang targets and publicly taunts a major American brand. Most gangs either focus on smaller targets and use blogs to increase public pressure on their victims to pay, or are “big game hunters” that target larger corporations for huge payouts but don’t publicize the acts, allowing the company to save face.
The Apple attack is particularly visible as the Biden administration moves to address the proliferation of ransomware. White House officials have said they will unveil a comprehensive ransomware strategy in the coming weeks that will focus on bringing international pressure for host countries to stop the gangs, and the Department of Justice has reportedly formed a task force to better address the problem.
Paying a ransom is risky for victims because some still do not get their files back. Others admit they have been hacked and announce they won’t pay, as CD Projekt Red, the creator of the video game Cyberpunk 2077, did in February.
It’s unclear how damaging or significant the Quanta files are. A company spokesperson said in a statement that its “information security defense mechanism was activated in no time,” and that there was only “a small range of services impacted by the attacks.”
Brett Callow, who tracks ransomware gangs for the cybersecurity firm Emsisoft, said the hackers’ actions give Apple few options.
“I think it entirely depends on the sensitivity of the data that was exfiltrated. If the release of the information could have a significant impact on one of Quanta’s customers’ bottom line, then somebody may be willing to pay to prevent it being released. If not, [the hackers] will likely strike out,” he said.
There’s also no guarantee the hackers will honor their price.
“Apple’s options are pretty simple,” Callow said. “Refuse to pay and strategize how to deal with the information becoming public or pay for a pinky-promise that [the hackers] will destroy the data. But why would they destroy it, especially if it has significant market value?”
Ezra Kaplan contributed.