Acer Hit with REvil Ransomware, Hackers Demand $50M

Electronics giant Acer fell victim to the REvil ransomware group responsible for the attack of several other companies over the past months, reported Bleeping Computer. The attackers are demanding $50 million from the company.

The ransomware gang was able to enter the company’s system and stole important files from the company. To prove the legitimacy of its demands, the group leaked some of the information on its “Happy Blog.”

Some of the sensitive info released by the gang includes bank balances and communications, and financial spreadsheets.

Acer Hit with REvil Ransomware

In a statement, the tech giant said that big companies such as itself are often being attacked by malicious actors. To protect from such actions, “Acer routinely monitors its IT systems, and most cyberattacks are well defensed.”

The firm also revealed that it has filed reports regarding “abnormal situations observed to the relevant law enforcement and data protection authorities in multiples countries.”

Regarding its actions to address the current situation, Acer said, “We have been continuously enhancing our cybersecurity infrastructure to protect business continuity and our information integrity.”

The company added that it is currently investigating the matter, which prevents it from disclosing more details.

The ransom demand is considered the highest by the gang, which ordered the payment in Monero. The approximate amount of $50 million is equal to around XMR 214,151 in the said cryptocurrency. The former highest ransom is $30 million demanded by REvil from Dairy Farm.

The Microsoft Connection

Bleeping Computer also revealed that the gang attacked a Microsoft Exchange server associated with Acer.

According to cybersecurity expert Vitali Kremez, “Advanced Intel’s Andariel cyberintelligence system detected that one particular REvil affiliate pursued Microsoft Exchange weaponization.”

Bleeping Computer noted that the DearCry ransomware has also exploited the ProxyLogin bug in Microsoft Exchange. However, this group’s attack is smaller in scale compared to REvil.

The cybersecurity-focused outlet also remarked, “Of REvil did exploit the recent Microsoft Exchange vulnerabilities to steal data or encrypt devices, it would be the first time one of the big game-hunting ransomware operations used this attack vector.”

SC Magazine and Bleeping Computer attempted to contact the company but it refused to answer. It also did not provide verifications that the attack was possible through a vulnerability in the Microsoft Exchange servers.

Meanwhile, the company recommended that other organizations assess their ransomware risk to minimize any avenues for malicious actors to attack.