Computer manufacturer Acer is the latest victim of a ransomware attack. According to a report, the Taiwanese company has been hit by a REvil ransomware attack, with the attackers demanding a ransom of over $50 million. The ransomware operators compromised Acer’s network systems and allegedly shared images of stolen files as proof of compromise. The exposed images included sensitive company documents such as financial spreadsheets, bank balance statements, and other private communications with the bank.
What Acer said…
While it is unknown whether Acer paid any ransom to the cybercriminals, the company did not disclose anything about the security incident.
“Acer routinely monitors its IT systems, and most cyberattacks are well defended. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries. Acer discovered abnormalities from March and immediately initiated security and precautionary measures. Acer’s internal security mechanisms proactively detected the abnormality, and immediately initiated security and precautionary measures,” Acer said.
Possibly a Microsoft Exchange exploit?
Several industry experts suspected that ransomware operators could have launched the attack by exploiting vulnerabilities in Microsoft Exchange Servers on Acer’s domain. This assumption comes after the threat actors behind the DearCry ransomware recently exploited the ProxyLogon vulnerability in their attacks.
REvil in the wild!
Recently, the operators of REvil ransomware, better known as Sodinokibi, launched an auction website on the dark web, Happy Blog, to sell data stolen from victims who have refused to pay the ransom. REvil is auctioning the stolen data of a U.S. food distributor and a Canadian agricultural company, at starting prices of $100,000 and $50,000 respectively.
The threat actor group also made headlines last year when it attacked London-based money transfer service Travelex, demanding a ransom of $6 million in exchange for five gigabytes of its customer data. The attack left large British banks like Barclays, Lloyds Bank, Tesco Bank, HSBC, Westpac Banking, and Royal Bank of Scotland unable to take or process foreign currency orders from customers in branches that rely on Travelex.