Hackers use REvil ransomware to attack Acer, a Taiwanese tech giant. What makes the Acer breach especially noteworthy is that the group behind the attack demands a fifty-million-dollar ransom, which is the highest figure demand for any group. The only thing that even comes close was another REvil attack, this one against a Dairy Farm, where the hackers demanded a hefty thirty million dollar ransom.
Ransomware attacks are increasingly common among these types of attacks hackers make off with a wide range of sensitive company data before encrypting a company’s files. As proof of their misdeeds, the hackers published a small fraction of the data threatening to release the rest if Acer didn’t meet their demands. It appears that the group made off with a variety of financial spreadsheets, bank balance information, and assorted banking communications.
In addition to the sheer size of the Hackers use of REVil ransomware, another point of interest with Acer’s ransom attack is that the group behind it seems to have exploited recently reported Microsoft Exchange Server vulnerabilities to execute the attack and successfully breach Acer’s defenses. If indeed this proves to be the case, it marks the first time one of the “big game-hunting” ransomware groups has utilized that particular exploit.
Acer’s formal response to the incident, which is still under investigation, reads as follows:
“Acer routinely monitors its IT systems, and most cyberattacks are well defensed. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.
We have been continuously enhancing our cybersecurity infrastructure to protect business continuity and our information integrity. We urge all companies and organizations to adhere to cybersecurity disciplines and best practices and be vigilant to any network activity abnormalities.”
Dark days for Acer, and it should put everyone in the IT field on notice. No one is safe.