The PC vendor Acer became the victim of a REvil ransomware attack. The requested ransom might be the largest one to date, REvil asking for $50,000,000.

Acer is the 6th-largest PC vendor by unit sales in the world with more than 7,000 employees and over 234.29 billion in revenue.

REvil declared to have stolen data from the vendor’s systems before these got the chance to be encrypted.

They published on their site some images of allegedly stolen documents, looking like financial spreadsheets, bank documents, and communications. 

 

Source

Acer issued a statement on March 19th stating that currently are still investigating the security breach and the effects this might’ve had. 

Acer routinely monitors its IT systems, and most cyberattacks are well defensed. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.

We have been continuously enhancing our cybersecurity infrastructure to protect business continuity and our information integrity. We urge all companies and organizations to adhere to cybersecurity disciplines and best practices, and be vigilant to any network activity abnormalities.

Source

A sample belonging to the REvil ransomware sample was discovered on Friday including a link to a REvil ransomware demand for $50 million in Monero.

 We have since found a sample of the Revil / Sodinokibi ransomware that leads to an engaged discussion between victim and attacker. The latter start by providing a link that leads to their blog page… devoted to Acer. Conservation started on March 14.

 Cybercriminals have offered a 20% discount on the requested amount, provided the settlement reaches them by March 17. Currently, they are asking for $ 50 million. Their interlocutor proposed $ 10 million. The attackers are leaving Acer until March 28 to meet their demands or find an arrangement. After this deadline, they will demand $ 100 million. 

Source

The REvil ransomware operators even offered a discount of 20% if the payment would be completed until Wednesday, the 24th of March.

heimdal security news and updates
2021.03.08 QUICK READ

REvil Ransomware Group Threatens to Launch DDoS Attacks, Call Journalists and Business Partners

2019.11.11 INTERMEDIATE READ

Ransomware as a Service (RaaS) – A Contemporary Mal du siècle?

2017.08.08 SLOW READ

A Closer Look at Ransomware Attacks: Why They Still Work

Leave a Reply

Your email address will not be published. Required fields are marked *

GO TO TOP