MacBook maker Compal hit by $17M ransom attack at worst time for Apple

MacBook maker Compal has reportedly been hit by a ransomware attack over the weekend, the hackers claiming to have encrypted files and stolen unencrypted data.

It comes just ahead of today’s event to announce the first Apple Silicon MacBooks, and at a time when Apple has reportedly placed very large orders for the next-generation MacBooks …

Bleeping Computer reports that the attackers are demanding 1,100 Bitcoin, worth close to $17 million at the current exchange rate.

BleepingComputer has confirmed that Compal suffered a DoppelPaymer ransomware attack after we obtained a ransom note used in the attack […]

DoppelPaymer is a ransomware operation known for attacking enterprise targets by gaining access to admin credentials and using them to spread throughout a Windows network. Once they gain access to a Windows domain controller, they deploy the ransomware payloads to all devices on the network.

According to the DoppelPaymer Tor payment site linked to in the ransom note, the ransomware gang is demanding 1,100 Bitcoins, or $16,725,500.00 at today’s prices, to receive a decryptor.

According to the ransom note and DoppelPaymer’s past history, the attackers likely stole unencrypted data as part of their attack. This stolen data is then used as a double-extortion strategy where the ransomware gangs threaten to release the files on data leak sites if a ransom is not paid.

Key MacBook maker Compal has denied the report, but the evidence seems pretty compelling.

The laptop maker claimed it was just an “abnormality” in their office automation system. Lu Qingxiong said that the main reason was an abnormality in the office automation system. The company suspected of being invaded by hackers. It has urgently repaired most of it and is expected to return to normal today.

Lu Qingxiong emphasized that Compal is not being blackmailed by hackers, as is reported by the outside world, and everything is currently normal in production, UDN reported.

Apple has reportedly placed initial orders of Apple Silicon MacBooks equivalent to almost a full fifth of total MacBook sales last year. Compal is one of Apple’s primary assemblers.

Whether MacBook production will actually be hit is currently unknown, but while it’s not uncommon for companies to want to keep quiet about ransomware attacks, public companies have to declare events which are likely to have a material effect on their financial performance. Since Compal has not done so, it does appear that – one way or another – it has the situation largely under control.

Check out our preview of what we’re expecting from today’s event, and we’ll of course be bringing you live coverage as it happens.

Photo: Ash Edmonds on Unsplash

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel



Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

Ben Lovejoy's favorite gear