REvil ransomware operators attacked Acer and demand $50,000,000

ransomware REvil attacked Acer

The REvil ransomware attacked the Taiwanese company Acer (the sixth-largest computer manufacturer in the world, accounting for about 6% of all sales). Cybercriminals are demanding from the manufacturer $50,000,000, which is the largest ransom in history.

At the end of last week, the hackers posted a message on their website that they had hacked Acer, and as proof of this statement, they shared screenshots of the files allegedly stolen from the company. Published images include documents, financial spreadsheets, bank balances, and messages.

ransomware REvil attacked Acer

Acer representatives have already commented on what is happening, but so far they avoid talking openly about the ransomware attack. Instead, the company said it had already reported the “emergency” to law enforcement agencies, but they cannot disclose details while the investigation continues.

Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries. We have continuously enhanced our cybersecurity infrastructure to protect business continuity and information integrity. We urge all companies and organizations to adhere to cyber security disciplines and best practices and be vigilant to any network activity abnormalities. reported Acer representatives.

The Record reports that analysts at Malwarebytes were able to track down another hacker site on the darknet, where victims are negotiating a ransom with attackers. Here you can see that the Acer representative was shocked by the demand of $50 million, and the negotiations were at an impasse. Journalists note that at some point, REvil operators turned to threats and vaguely advised Acer “not to repeat the fate of SolarWinds”.

ransomware REvil attacked Acer

The $50,000,000 ransom is the largest to date. The previous “record” was $30,000,000: the same REvil operators demanded the same amount from the hacked Dairy Farm company.

According to Bleeping Computer, specialist Vitaly Kremez discovered that some time ago, the REvil hack group was targeting a Microsoft Exchange server in the Acer domain.

Recently, the attackers behind the DearCry ransomware have already exploited ProxyLogon vulnerabilities to deploy the ransomware on vulnerable systems of small companies. Probably the REvil operators could have gone the same way.

Let me remind you that REvil spokesman boasts that hackers have access to ballistic missile launch systems.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *