[BreachExchange] REvil ransomware gang demands $50M ransom payment from Acer

[Destry Winant]

https://siliconangle.com/2021/03/21/revil-ransomware-gang-demands-50m-ransom-payment-acer/

Hardware and electronics firm Acer Inc. has been struck by REvil ransomware
with the ransomware gang demanding a ransom payment of $50 million.

The REvil ransomware gang first announced on their data leak site March 18
that they had breached the Taiwanese company and shared some images of
allegedly stolen files as proof. Bleeping Computer reported Friday that the
allegedly stolen data includes financial spreadsheets, bank balances and
bank communications.

Acer has neither confirmed nor denied the attack but hinted that something
was going on. “Acer routinely monitors its IT systems and most cyberattacks
are well defensed,” the company said in a statement. “Companies like us are
constantly under attack and we have reported recent abnormal situations
observed to the relevant law enforcement and data protection authorities in
multiple countries.”

As of the time of writing, there is no official breach statement on any of
Acer’s major sites or social media accounts. The company primarily
manufactures goods in Taiwan and mainland China. Whether it could be
subject to Western regulations such as the European Union General Data
Protection Regulation is not clear, though one of its suppliers is based in
Hungary, which is an EU member.

The $50 million demanded is notable because it’s believed to be the highest
amount ever demanded in the ransomware attack. The previous high was $42
million REvil demanded when it successfully targeted celebrity law firm
Grubman Shire Meiselas & Sacks in May. The cost for Acer may be higher yet,
as the group threatened to increase the ransom to $100 million if it’s not
paid within eight days.

Other notable REvil victims include foreign exchange provider Travelex in
late December 2019. In that case, Travelex was reported to have paid a $2.3
million ransom for a decryption key to restore its network.

It’s also being speculated that REvil may have exploited a highly
publicized Microsoft Exchange vulnerability. James McQuiggan, security
awareness advocate at security training company KnowBe4 Inc., believes the
attack did include exploitation of Microsoft Exchange. He told SiliconANGLE
that “it was only a matter of time before the recent Microsoft Exchange
vulnerability exploited an organization, and in the current climate, it was
swift.”

“The WannaCry ransomware from 2017 utilized the EternalBlue exploit and
took only a few months before a massive attack occurred,” McQuiggan
explained. “With this attack, it took just weeks. Organizations must
maintain a multilayer network infrastructure to reduce cybercriminals’
risk, quickly accessing sensitive data and systems.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210322/20905d31/attachment.html>