Axis of REvil: Inside the hacker collective taunting Apple


The ransom note was both taunting and ominous: “Today we, the REvil Group, will provide data on the upcoming releases of the company beloved by many,” the criminal hackers wrote.

In the note posted on the Dark Web they told the world they hacked an Apple supplier called Quanta Computer and wanted $50 million in ransom or else they would release sensitive internal documents.  “Tim Cook can say thank you Quanta,” wrote REvil.

The extortion attempt, which came early this week, represented a significant escalation for a well-known hacker collective. And experts tell CNBC it may presage a new era of emboldened ransomware attackers who are protected by Russian leader Vladimir Putin and empowered to take on the biggest companies in the world.  

Cyber security experts in the U.S. say the group has a long rap sheet of criminal activity against western companies. Their analysis suggests REvil — pronounced like the letter “R” followed by the word “evil” — is largely made up of native Russian speakers and is likely located in a former Soviet state. Whoever they are, they have a taste for dark humor: REvil posts its stolen documents on a site on the Dark Web that it calls “Happy Blog.”

“We know that they are protected most likely by Russian intelligence, or the Russian government, as are most ransomware groups, which has allowed them to flourish, over the last 18 months,” said Marc Bleicher of Arete Incident Response, a cyber security firm that specializes in negotiations with criminal hackers. Bleicher says his firm has dealt with REvil 32 times in just the past 90 days.

“I think, you know, based on what we’ve seen so far, this may be just the tip of the iceberg over the last few months and what you’re going to start to see is organizations that are of the same size and stature as Apple,” Bleicher said.

That means more CEOs need to brace for ransomware impact and for REvil’s shockingly direct intimidation tactics. Bleicher said one signature of the group is stealing a CEO’s personal cellphone number from company computers and then repeatedly calling that