
Acer Reportedly Hit By $50 Million Ransomware Attack

Acer has reportedly been hit with a REvil ransomware attack covering financial spreadsheets, bank balances, and bank communications. The actors are demanding a 50 million USD ransom, which is one of the highest amounts ever demanded in a breach of this type. Acer has not confirmed the report, instead stating that they "reported recent abnormal situations" to the relevant authorities. Communication between REvil and Acer began on March 14th, with the attackers demanding payment in XMR cryptocurrency via a Tor website in return for the decryptor, a vulnerability report, and the deletion of stolen files. The cause of the attack appears to be a vulnerability in Microsoft Exchange which has now been patched but was not updated by Acer. The group is demanding payment before March 28th or the price will double to 100 million USD.





Acer said:
"Acer routinely monitors its IT systems, and most cyberattacks are well defensed. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries."

"We have been continuously enhancing our cybersecurity infrastructure to protect business continuity and our information integrity. We urge all companies and organizations to adhere to cyber security disciplines and best practices, and be vigilant to any network activity abnormalities."

 
My organisation received warning of the Exchange vulnerability and we had things patched within 24 hours of receiving the CERT notification. Our logs showed in the following days however that we had already been breached before we were able to get to patching. We thus had to rebuild our entire Exchange server from scratch and change credentials on all privileged accounts so as to mitigate any shenanigans.

This attack was swift and it's unfortunate Acer was stung. Hope they have good backups...
 
"The actors are demanding a 50 million"

So now they're called "actors"
 
Don't they use Azure or AWS with proper security? They must have multiple backups and freeze their bank accounts and transactions temporarily!!!
 
Yep, my company was on top of this and had things backed up in multiple places, thereby avoiding any disruptions in our services...whew.... so we dodged that one pretty well..

GO IT team :)
 
Just a quick note... the vulnerability was out in the wild for months before it was announced, so even if you were “quick to patch” you could easily have been hit.

The criminals behind the attack.
Used to be “bad actors” but I guess the bad part has been dropped so as not to offend any of those with a poor theatrical disposition :)
 
probably some users whose warranty was denied ;)
 
seems the windows environment has plenty of weak points.

any simple way to dodge this kind of attack?
 
seems the windows environment has plenty of weak points.

any simple way to dodge this kind of attack?
Disconnect from the internet.
Seriously, mission critical data should be intranet only.
 