Monday, March 22nd 2021

Acer Reportedly Hit By $50 Million Ransomware Attack

Acer has reportedly been hit with a REvil ransomware attack covering financial spreadsheets, bank balances, and bank communications. The actors are demanding a 50 million USD ransom, which is one of the highest amounts ever demanded in a breach of this type. Acer has not confirmed the report, instead stating that they "reported recent abnormal situations" to the relevant authorities. Communication between REvil and Acer began on March 14th, with the attackers demanding payment in XMR cryptocurrency via a Tor website in return for the decryptor, a vulnerability report, and the deletion of stolen files. The cause of the attack appears to be a Microsoft Exchange vulnerability for which a patch is now available but which Acer had not applied. The group is demanding payment before March 28th or the price will double to 100 million USD.
Acer: "Acer routinely monitors its IT systems, and most cyberattacks are well defensed. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries."

"We have been continuously enhancing our cybersecurity infrastructure to protect business continuity and our information integrity. We urge all companies and organizations to adhere to cyber security disciplines and best practices, and be vigilant to any network activity abnormalities."
Source: Bleeping Computer

10 Comments on Acer Reportedly Hit By $50 Million Ransomware Attack

#1
s3thra
My organisation received warning of the Exchange vulnerability and we had things patched within 24 hours of receiving the CERT notification. Our logs showed in the following days however that we had already been breached before we were able to get to patching. We thus had to rebuild our entire Exchange server from scratch and change credentials on all privileged accounts so as to mitigate any shenanigans.

This attack was swift and it's unfortunate Acer was stung. Hope they have good backups...
#2
claylomax
"The actors are demanding a 50 million"

So now they're called "actors"
#3
Caring1
claylomax said:
> "The actors are demanding a 50 million"
>
> So now they're called "actors"
The criminals behind the attack.
#4
Bubster
Don't they use Azure or AWS with proper security? They must have multiple backups and freeze their bank accounts and transactions temporarily!!!
#5
bonehead123
Yep, my company was on top of this and had things backed up in multiple places, thereby avoiding any disruptions in our services...whew.... so we dodged that one pretty well..

GO IT team :)
#6
ymbaja
Just a quick note... the vulnerability was out in the wild for months before it was announced so even if you were “quick to patch” you could easily have been hit.
Caring1 said:
> The criminals behind the attack.
Used to be “bad actors” but I guess the bad part has been dropped as to not offend any of those with a poor theatrical disposition :)
#7
mechtech
probably some users whose warranty was denied ;)
#8
WTF_is_the_inturnet
mechtech said:
> probably some users whose warranty was denied ;)
Somebody's dual monitor setup has 7 dead pixels..(thanks to a dumbass UPS driver).. Acer decides... "nah man we can't replace it ..it's only 7 dude"..... and here we are lol lol
#9
S@LEM!
seems the Windows environment has plenty of weak points.

any simple way to dodge this kind of attack?
#10
Caring1
S@LEM! said:
> seems the Windows environment has plenty of weak points.
>
> any simple way to dodge this kind of attack?
Disconnect from the internet.
Seriously, mission critical data should be intranet only.