UPDATED 22:44 EDT / APRIL 20 2021

SECURITY

REvil ransomware gang allegedly hacks Quanta Computer, steals Apple blueprints

The infamous ransomware gang REvil claims it has attacked and stolen data from Taiwanese manufacturer Quanta Computer Inc., including Apple Inc. product blueprints.

As first reported today by The Record, REvil, also known as Sodinokibi, claimed on its dark web forum that Quanta refused to pay to get its stolen data back, so it is now targeting the company’s primary customer: Apple.

As proof of the hack, REvil posted 21 screenshots showing MacBook schematics and threatened to publish new data every day until either Apple or Quanta pays the ransom demand. The amount being demanded by the group is believed to be $50 million, the same amount REvil demanded following an attack on Acer Inc. in March.

Apple may not be alone in having data stolen. REvil also listed other Quanta customers, including Dell, Hewlett-Packard Inc., Alienware Inc., Amazon.com Inc., Cisco Systems Inc., Fujitsu Ltd., Gericom, Lenovo Group Ltd., LG Electronics Inc., Maxdata, Microsoft Corp., MPC, Blackberry Ltd., Sharp Corp., Siemens AG, Sony Group Corp., Sun Microsystems Inc., Toshiba Corp., Verizon Wireless and Vizio Inc.

“Our team is negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands,” the REvil ransomware gang wrote. “We recommend that Apple buy back the available data by May 1.”

Neither Apple nor Quanta has commented on the report.

REvil’s targeting of Apple after failing to get Quanta to pay a ransom is a new twist in ransomware attacks, in which attackers usually go after only the primary victim rather than its customers.

“This is a new approach in the double extortion name-and-shame technique, where the threat actor engages with the affected third parties after the unsuccessful attempt to negotiate ransom with the primary victim,” Dmitry Smilyanets, threat intelligence analyst at Recorded Future, told The Record.

Previous REvil attacks included those on celebrity law firm Grubman Shire Meiselas & Sacks in May and foreign exchange provider Travelex in late December 2019. The attack on Travelex is notable because the company was reported to have paid a $2.3 million ransom for a decryption key to restore its network.

In the past, REvil has also auctioned stolen data on its dark web site to the highest bidder.

Photo: U.S. Air Force
