Acer computer was attacked by blackmail, ransom of 50 million USD set a record

The computer giant Acer (Acer) suffered a REvil ransomware attack, and the threat party issued the highest amount of ransom so far-50 million U.S. dollars (about 325 million yuan).

Acer is an electronics and computer manufacturer in Taiwan, China. Its core products include notebook computers, desktops and monitors. It has about 7,000 employees and has revenues of US$7.8 billion in 2019. Just yesterday, the REvil ransomware group announced on its data breach site that they had successfully hacked into Acer's system, and at the same time released several screenshots of stolen files as evidence. The images they posted included documents about financial spreadsheets, bank balances, and bank transaction information.

In the face of interviews and inquiries, Acer officials did not explicitly respond to whether they were attacked by REvil ransomware, but emphasized that they have reported recent abnormalities to relevant local law enforcement agencies and data protection agencies. The following is the complete response given by Acer:

"Acer regularly monitors its internal IT systems, and most cyber attacks are effectively blocked. Companies like Acer are often attacked. We have also reported recently discovered anomalies to local law enforcement agencies and data protection agencies in many countries."

"We have been constantly improving the network security infrastructure, working hard to protect business continuity and information integrity. We urge all enterprises and organizations to comply with network security regulations and information integrity requirements, and be alert to various abnormal network activities that may occur."

"The investigation is still ongoing. For security reasons, we are unable to comment on the details."

1. The ransom amount hit a record high

After the relevant report was released, Valery Marchive of LegMagIT discovered the REvil ransomware sample used in the Acer attack. It can be seen that the threat ransom was as high as 50 million US dollars. Soon after, we also found this sample, and based on the ransom note, we confirmed that the sample was indeed from the Acer attack. In the dialogue between the victim and the REvil group (beginning on March 14), representatives of Acer were shocked by the horrific figure of $50 million. In a later negotiation, the REvil group gave a link to the Acer data breach page (this page has not been made public at the time of the actual dialogue between the two parties). If Acer is willing to pay before Wednesday, the attacker expressed willingness to provide a 20% ransom discount. After receiving the payment, the REvil group will provide decryptors, vulnerability reports and promise to delete the stolen files. The REvil group issued a threat to Acer, saying "Don't repeat the mistakes of SolarWInd." The $50 million amount proposed by the REvil group broke the known ransom record so far. Prior to this, REvil had launched an attack on Dairy Farm and demanded it pay a ransom of 30 million US dollars.

2. The problem may lie in Microsoft Exchange

Vitali Kremez said in an interview that the threat intelligence company Advanced Intel's intelligence platform has detected that the REvil group has recently targeted the Microsoft Exchange server in the Acer domain. Kremez mentioned in the interview, "Advanced Intel's intelligence system has detected that a group under REvil is planning to use Microsoft Exchange vulnerability to launch an attack." The attacker behind the DearCry ransomware has also used the ProxyLogon vulnerability to deploy ransomware before, but The operation is smaller and there are fewer victims. If REvil does use recent Microsoft Exchange security vulnerabilities to steal data or encrypt and lock target devices, it will be the first use of this attack vector in a "large target hunting" ransomware attack.


Post a Comment

Previous Post Next Post