Taiwanese computer and IT giant Acer appears to be the latest major company to fall victim to the REvil ransomware, with the perpetrators demanding a $50 million ransom in the privacy-focused cryptocurrency Monero (XMR).

A media outlet specializing in technology and computing reports that Acer is the latest computing and IT products company to fall victim to a ransomware attack. As BleepingComputer explains, the company was attacked by the REvil ransomware, whose operators stole much of Acer's sensitive data, including financial spreadsheets, bank balances and banking communications.

Apparently, the data of Acer users and customers was not affected during the attack, although the hackers claim on their dark web site that the stolen data is of great importance to the company, so they are asking for a ransom of no less than 50 million dollars, which Acer must pay before March 28.

If the ransom is not paid by the due date, the hackers are threatening to double the ransom demand to $100 million and to publish the stolen Acer confidential information. BleepingComputer found proof of the hackers' ransom demand in Monero, which calls for 214.151 XMR before the 28th of this month.

Acer ransom request in Monero (XMR).
Source: BleepingComputer

In a private conversation between an Acer executive and the hackers, the cybercriminals promised a 20% discount if the company decides to pay up by Wednesday. According to the hackers' demand, in exchange for payment they will provide Acer with a decryptor to unlock its encrypted files and a full report of the vulnerabilities that enabled the attack, and they promise to delete all of the company's stolen data.

Acer under ransomware attack

According to BleepingComputer's report, the REvil ransomware attack has been under way since last week, around March 14, although Acer has not confirmed whether or not it has indeed fallen victim to this attack group. However, the company did note that it detected certain “recent abnormal situations,” which were reported to its cybersecurity team, law enforcement authorities, and relevant data protection authorities in several countries.

This response suggests that the company may be in a very compromising situation. When asked to confirm whether the attack had taken place, Acer also stated that it was in the middle of an investigation and that, for security reasons, it could not reveal more details.

On the other hand, the REvil attack group has published images on its website showing spreadsheets and other information that supposedly belong to Acer, as proof that the attack is real.

Evidence from the REvil group regarding the alleged attack on Acer.
Source: BleepingComputer

Did Microsoft Exchange enable ransomware?

Vulnerabilities in Acer's Microsoft Exchange server appear to be the reason REvil was able to attack the company and steal some of its files and data. This possibility stems from a report by cyber threat analysis and research firm Advanced Intel.

“Advanced Intel's Andariel cyber intelligence system detected that a particular REvil affiliate pursued the weaponization of Microsoft Exchange.”

If this possibility is confirmed, researchers say it would be the first time that the REvil attack group has exploited a vulnerability in Microsoft Exchange server as an attack vector.

REvil is one of the largest hacker groups and is responsible for the hacking of Adif, the company in charge of railway lines in Spain, which fell victim to this group in 2020.

So far, the ransom demanded from Acer is the largest ever seen. The cybercriminals are also asking for payment in XMR because of the security and privacy qualities offered by the cryptocurrency, which is almost impossible to trace.