What just happened? Acer is reportedly the latest tech giant to become the victim of a ransomware attack. The Taiwanese company was hit by the REvil ransomware gang, which is demanding it hand over $50 million worth of Monero cryptocurrency in exchange for the decryption key. The payment will also ensure sensitive company data isn’t leaked online.
The Record writes that the attack has only affected Acer’s back-office and not the hardware maker’s production systems. The firm hasn’t confirmed any ransomware incident, and the attack never stopped the announcement of its Q4 2020 financial results last Wednesday.
The Record found Acer’s name on a dark web portal where the REvil gang usually leaks stolen data from companies that don’t pay ransoms. While no files have been posted, there were screenshots of internal documents.
Another dark web portal operated by REvil showed the $50 million ransom note, believed to be the largest demand ever made by ransomware gang—the previous record was a $30 million ransomware attack on Pan-Asian retail giant Dairy Farm, also the work of REvil.
The page included a copy of an online conversation between a group member and an Acer representative that started on March 14. The attackers call the rep an “incompetent negotiator,” demanding their boss get in touch.
Bleeping Computer notes that the group offered to discount the ransom by 20 percent if it was paid before last Wednesday. If the Monero isn’t handed over by March 28, the amount will double to $100 million. Acer was warned “to not repeat the fate of the SolarWind.”
It’s believed that the attack may have been carried out using a Microsoft Exchange exploitation. “Advanced Intel’s Andariel cyberintelligence system detected that one particular REvil affiliate pursued Microsoft Exchange weaponization,” malware expert Vitali Kremez told BleepingComputer.
We recently heard that four zero-day exploits in Microsoft Exchange are being targeted by at least ten advanced persistent threat (APT) hacker groups in an attempt to compromise servers around the world.
Acer is cagey about the incident, referring to it only as “abnormal situations.” In a statement to BC, it said:
Acer routinely monitors its IT systems, and most cyberattacks are well defensed. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.
We have been continuously enhancing our cybersecurity infrastructure to protect business continuity and our information integrity. We urge all companies and organizations to adhere to cyber security disciplines and best practices, and be vigilant to any network activity abnormalities.
The company added that “there is an ongoing investigation and for the sake of security, we are unable to comment on details.”