The REvil ransomware attacked the Taiwanese company Acer (the sixth-largest computer manufacturer in the world, accounting for about 6% of all sales). Cybercriminals are demanding from the manufacturer $50,000,000, which is the largest ransom in history.
At the end of last week, the hackers posted a message on their website that they had hacked Acer, and as proof of this statement, they shared screenshots of the files allegedly stolen from the company. Published images include documents, financial spreadsheets, bank balances, and messages.
Acer representatives have already commented on what is happening, but so far they avoid talking openly about the ransomware attack. Instead, the company said it had already reported the “emergency” to law enforcement agencies, but they cannot disclose details while the investigation continues.
The Record reports that analysts at Malwarebytes were able to track down another hacker site on the darknet, where victims are negotiating a ransom with attackers. Here you can see that the Acer representative was shocked by the demand of $50 million, and the negotiations were at an impasse. Journalists note that at some point, REvil operators turned to threats and vaguely advised Acer “not to repeat the fate of SolarWinds”.
The $50,000,000 ransom is the largest to date. The previous “record” was $30,000,000: the same REvil operators demanded the same amount from the hacked Dairy Farm company.
According to Bleeping Computer, specialist Vitaly Kremez discovered that some time ago, the REvil hack group was targeting a Microsoft Exchange server in the Acer domain.
Recently, the attackers behind the DearCry ransomware have already exploited ProxyLogon vulnerabilities to deploy the ransomware on vulnerable systems of small companies. Probably the REvil operators could have gone the same way.
Let me remind you that REvil spokesman boasts that hackers have access to ballistic missile launch systems.