Taiwanese computer manufacturer Acer is facing a ransomware attack from the REvil group.
According to Bleeping Computer, REvil is demanding a $50 million sum from Acer. The company reportedly has until March 28 to send the funds before any alleged stolen data is leaked.
Bleeping Computer reports that REvil offered Acer a 20% discount on the payment it was looking to extort out of the company if the money was transferred by Wednesday, March 17.
That didn’t happen.
The ransomware gang reportedly breached Acer and shared some images of allegedly stolen files as proof on its website over the weekend.
The leaked images showed documents that include financial spreadsheets, bank balances, and bank communications.
“Acer routinely monitors its IT systems, and most cyberattacks are well defended. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries,” an Acer spokesperson said in an emailed statement.
The Microsoft vulnerability link
The group may have pulled off the attack by way of the “Hafnium” vulnerability in Microsoft Exchange. Data from Advanced Intel’s Andariel cyber intelligence platform was able to link the possible breach to the Microsoft Exchange hack issue.
Though Microsoft had been working to release a simple patch for the issue, that doesn’t mean it’s been erased entirely. The software giant explained that the patch would only work against attacks that had already happened and might not be a panacea to resolve future hacks.
Previous attacks by REvil
The REvil group made headlines in 2020 when it launched a $6 mn ransomware attack on money transfer service Travelex.
The operators of the REvil ransomware extorted a New York-based law firm in May last year, threatening to release sensitive files on the company’s celebrity clients unless the firm paid a $42 mn ransom demand.
The same hacking group tried to extort $30 mn from Dairy Farm Group earlier this year.
$50 million to jump to $100 million
Acer engaged in the discussion with REvil on March 14, when the group initially demanded $50 mn.
When Acer refused to pay the 20% discounted sum, it apparently escalated things.
According to a screenshot of the ransomware demand, it doubles to $100 mn in a few days. The $50 million already ranks as the largest ransomware demand known to date.
If Acer decides to pay, the REvil group will provide the company with a vulnerability report, in addition to decrypting its compromised data. The group also says it will delete stolen files on its end.
While Acer could afford to pay the kind of massive sum REvil is trying to extort after making over $8.5 billion in revenues last year, it’s unlikely it will, else it would become an attractive target for other hacking groups hoping to score big.