Ransomware Group That Stole Apple Schematics From An Apple Supplier Pwned By Authorities

You might remember earlier this year that I wrote about a group called REvil who hacked their way into one of Apple’s suppliers and stole a bunch of schematics which they then held for ransom.

Fun Fact: Those schematics turned out to be the new MacBook Pros that were recently announced.

In any case, I heard nothing further about REvil’s attack on Apple since then, but it turns out there was a multi-country operation underway to take down the ransomware group. According to Reuters, several government agencies teamed up to hack REvil and take it offline this week:

One person familiar with the events said that a foreign partner of the U.S. government carried out the hacking operation that penetrated REvil’s computer architecture. A former U.S. official, who spoke on condition of anonymity, said the operation is still active.

If you read the rest of the Reuters article, it also indicates that authorities got their hands on the decryption key for REvil’s ransomware, which I wrote about here. At the time, it wasn’t clear how the key was obtained. Now we know. And now we also know that this is still an ongoing effort, which means that ransomware gangs could now become the ones being pwned. As far as I am concerned, that is a good thing.

UPDATE: I got commentary from Robert Cattanach, who is a partner at the international law firm Dorsey & Whitney. He advises companies about ransomware attacks. He has previously worked as a trial attorney for the United States Department of Justice and was also special counsel to the Secretary of the Navy. Today he practices in the areas of regulatory litigation, including cybersecurity, privacy and telecommunications, civil and criminal enforcement proceedings and international regulatory compliance (EU focus).

“Confirming speculation over the cause of the latest demise of notorious cybergang REvil’s website, Reuters reports that a consortium of ‘like-minded countries’ – likely spearheaded by the FBI, Cyber Command, and the Secret Service – took a page from the hacker’s playbook and covertly corrupted backups, which REvil apparently attempted to use to restore its functioning after the FBI took it down earlier. Infecting backups with secret malware is a common stratagem used by hackers to deter victims from attempting to restore their systems, and instead pay the ransom rather than going through the time and expense of a clean reboot. But apparently someone at REvil didn’t get their own memo, and attempted to use REvil’s backup files to restore their systems – always a risk if you’ve been hacked, but one which some victims are willing to take to avoid the costly and time-consuming alternative. And it also demonstrates a resolve not previously seen by the US and its allies to pursue cybercriminals with aggressive counterstrikes, which may themselves be of dubious legality under international law. Whether this prompts even more destructive escalations by cybercriminals, or causes the likes of REvil to tap the brakes a bit, remains to be seen.”
