Hardware and electronics firm Acer Inc. has been struck by REvil ransomware with the ransomware gang demanding a ransom payment of $50 million.
The REvil ransomware gang first announced on their data leak site March 18 that they had breached the Taiwanese company and shared some images of allegedly stolen files as proof. Bleeping Computer reported Friday that the allegedly stolen data includes financial spreadsheets, bank balances and bank communications.
Acer has neither confirmed nor denied the attack but hinted that something was going on. “Acer routinely monitors its IT systems and most cyberattacks are well defensed,” the company said in a statement. “Companies like us are constantly under attack and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.”
As of the time of writing, there is no official breach statement on any of Acer’s major sites or social media accounts. The company primarily manufactures goods in Taiwan and mainland China. Whether it could be subject to Western regulations such as the European Union General Data Protection Regulation is not clear, though one of its suppliers is based in Hungary, which is an EU member.
The $50 million demanded is notable because it’s believed to be the highest amount ever demanded in a ransomware attack. The previous high was the $42 million REvil demanded when it successfully targeted celebrity law firm Grubman Shire Meiselas & Sacks in May. The cost for Acer may be higher yet, as the group threatened to increase the ransom to $100 million if it’s not paid within eight days.
Other notable REvil victims include foreign exchange provider Travelex in late December 2019. In that case, Travelex was reported to have paid a $2.3 million ransom for a decryption key to restore its network.
It’s also being speculated that REvil may have exploited a highly publicized Microsoft Exchange vulnerability. James McQuiggan, security awareness advocate at security training company KnowBe4 Inc., believes the attack did include exploitation of Microsoft Exchange. He told SiliconANGLE that “it was only a matter of time before the recent Microsoft Exchange vulnerability exploited an organization, and in the current climate, it was swift.”
“The WannaCry ransomware from 2017 utilized the EternalBlue exploit and took only a few months before a massive attack occurred,” McQuiggan explained. “With this attack, it took just weeks. Organizations must maintain a multilayer network infrastructure to reduce cybercriminals’ risk, quickly accessing sensitive data and systems.”