REvil ransomware gang hacked Acer and is demanding a $50 million ransom

Taiwanese multinational hardware and electronics corporation Acer was victim of a REvil ransomware attack, the gang demanded a $50,000,000 ransom.

Taiwanese computer giant Acer was victim of the REvil ransomware attack, the gang is demanding the payment of a $50,000,000 ransom, the largest one to date.

Acer is the world’s 6th-largest PC vendor by unit sales as of January 2021, it has more than 7,000 employees (2019) and in 2019 declared 234.29 billion in revenue.

The ransomware gang claimed to have stolen data from the systems of the vendor before encrypting them, then published on their data leak site some images of allegedly stolen documents (i.e. financial spreadsheets, bank documents and communications) as proof of the hack.

Acer is currently investigating the security breach.

“Acer routinely monitors its IT systems, and most cyberattacks are well defensed. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.” reads a statement issued by the company. “”We have been continuously enhancing our cybersecurity infrastructure to protect business continuity and our information integrity. We urge all companies and organizations to adhere to cyber security disciplines and best practices, and be vigilant to any network activity abnormalities.”

A REvil ransomware sample on malware analysis site Hatching Triage was discovered by TechTarget sister publication LeMagIT Friday, which contained a link to a REvil ransomware demand for $50 million in Monero (213,151 XMR as of publishing).

Researchers at LegMagIT while investigating the security breach discovered a REvil ransomware sample employed in the attacks on Acer, it includes a link to a REvil ransomware demand for $50 million worth of Monero.

“We have since found a sample of the Revil / Sodinokibi ransomware that leads to an engaged discussion between victim and attacker. The latter start by providing a link that leads to their blog page… devoted to Acer. Conservation started on March 14.” reported LegMagIT. “Cyber ​​criminals have offered a 20% discount on the requested amount, provided the settlement reaches them by March 17. Currently, they are asking for $ 50 million. Their interlocutor proposed $ 10 million. The attackers are leaving Acer until March 28 to meet their demands or find an arrangement. After this deadline, they will demand $ 100 million. “

REvil ransomware operators offered a 20% discount if payment was completed by this week, on Wednesday.

According to BleepingComputer, the popular malware researcher Vitali Kremez shared evidence with its experts that one of the affiliates to the Revil RaaS recently targeted an Acer’s Microsoft Exchange server.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ransoware)

[adrotate banner=”5″]

[adrotate banner=”13″]