REvil hackers demanded that a ransom be paid by May 1, brandishing some of their alleged loot on their "Happy Blog", the site on the dark web where they claim their attacks.
Over the weekend, the technical drawings used to assemble Apple devices, as well as the name of the victim, Quanta Computer, disappeared.
Since this weekend, a search for Quanta Computer on the REvil site has returned no results.
These very technical and detailed industrial drawings continued to leak for several days, with PDF files and download links appearing for documents including assembly diagrams of the new iMacs, announced only last Tuesday.
This is a double extortion technique (data encryption plus the threat of publication) that the most seasoned hackers have used for a year and a half.
At the negotiating table
The Russian-speaking REvil hackers were demanding a hefty ransom of $50 million to stop distributing the data they allegedly siphoned off from the Californian company's subcontractor. They also claimed that, if paid in cryptocurrency, they would return the data and not sell it to the highest bidder. After being refused by the initial victim, they targeted one of its main customers, Apple.
Several scenarios are on the table.
The most realistic?
"When a company is removed from the site of a ransomware group, it may indicate that the victim - or a third party - has either paid the ransom or at least agreed to negotiate," says Brett Callow, a cybersecurity expert at Emsisoft, a company specializing in the fight against ransomware.
Quanta Computer also counts HP and Dell among its customers, companies that would have a lot to lose in terms of technological advances and intellectual property.
FBI advises against paying
Pressured by the publication of the data, the Taiwanese manufacturer may finally have given in to blackmail and started negotiations through a service provider to lower the asking price to an amount that is acceptable and/or covered by insurance. Although strongly discouraged by the authorities, especially the FBI, negotiations with hackers often go through a communication channel, a "chat", where an intermediary manages to reduce the ransom and obtain guarantees that the data will be recovered.
In France, 65% of companies affected by ransomware in 2020 paid, compared to 58% on average internationally, according to the annual study on cyber risk management by insurer Hiscox.
Another possible scenario: the cybercriminals found another buyer for the technical data and sold their loot to one of the “big companies” with whom they were negotiating.
Some of the damage was done anyway: thousands of people had already downloaded the stolen sample files, and copies were already circulating on hacker forums.