On the day Apple was set to announce a slew of new products at its Spring Loaded event, a leak appeared from an unexpected quarter. The notorious ransomware gang REvil said they had stolen data and schematics from Apple supplier Quanta Computer about unreleased products and that they would sell the data to the highest bidder if they didn't get a $50 million payment. As proof, they released a cache of documents about upcoming, unreleased MacBook Pros. They've since added iMac schematics to the pile.
The connection to Apple and dramatic timing generated buzz about the attack. But it also reflects the confluence of a number of disturbing trends in ransomware. After years of refining their mass data encryption techniques to lock victims out of their own systems, criminal gangs are increasingly focusing on data theft and extortion as the centerpiece of their attacks, and making eye-popping demands in the process.
In the case of Quanta, attackers likely feel they hit a nerve, because Apple is notoriously secretive about intellectual property and new products in its pipeline. By hitting a vendor downstream in the supply chain, attackers give themselves more options about the companies they can extort. Quanta, for example, also supplies Dell, HP, and other large tech companies, so any breach of Quanta's customer data would be potentially valuable for attackers. Attackers also may find softer targets when they look to third-party suppliers who may not have as many resources to funnel into cybersecurity.
The $50 million demand may seem extraordinary, but it also fits in with the recent ransomware trend of "big game" hunting. REvil reportedly put the same sum to Acer in March, and the average ransomware demand reportedly doubled between 2019 and 2020. Large companies have become a more popular target specifically, because they can potentially afford big payouts; it's a more efficient racket for a criminal group than cobbling smaller payments together from more victims. And attackers have already been experimenting with strategies to put pressure on extortion victims, like contacting individuals or businesses whose data might be impacted by a breach and telling them to encourage a target to pay. Just this week, one ransomware group threatened to feed information to short sellers of publicly traded companies.
A company like Apple would presumably take the threat of leaking intellectual property seriously. But other organizations, especially those that hold regulated personal data from customers, have even more incentive to pay if they think it will help cover up an incident. A seven-figure ransom might seem appealing if disclosing a breach might result in $2 million of regulatory fines under laws like Europe's GDPR or California's Consumer Privacy Act.