Acer has reportedly been hit by the REvil ransomware gang. To prove they’ve hacked Acer’s systems, the gang published various Acer documents, including financial spreadsheets, bank balances, and bank communications.
The culprits are demanding $50 million from the company. This is the largest ransom demand in history.
BleepingComputer first reported the incident last week, saying the REvil gang breached Acer’s systems on Thursday and shared images of allegedly stolen files.
The attack possibly stemmed from Microsoft Exchange ProxyLogon flaws.
Image: BleepingComputer: Acer ransom demand on Tor payment site
The Taiwanese electronics and computer maker has not confirmed whether it has paid the ransom.
Acer did not acknowledge whether it had suffered a ransomware attack, but mentioned “abnormal behaviors” and said “there is an ongoing investigation and for the sake of security, we are unable to comment on details.”
“Acer routinely monitors its IT systems, and most cyberattacks are well defended. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries,” an Acer spokesperson said in a statement emailed to BleepingComputer.
“Acer discovered abnormalities from March and immediately initiated security and precautionary measures. Acer’s internal security mechanisms proactively detected the abnormality, and immediately initiated security and precautionary measures.”
More details appeared over the weekend. Valery Marchive of LeMagIT found the REvil ransomware sample used in the Acer attack. It also emerged that conversations between Acer and REvil started on March 14th. In the chat, the REvil hacker sent Acer a link to the company’s data leak page. The hackers also warned Acer “to not repeat the fate of the SolarWind.”
Vitali Kremez told BleepingComputer that Advanced Intel’s Andariel cyberintelligence platform detected that the REvil gang recently pursued Microsoft Exchange weaponization on Acer’s domain.
No other details are available at this time. This is a developing story.