Acer Reportedly Hit By $50 Million Ransomware Attack

Uskompuf

Staff member
Joined
Mar 31, 2020
Messages
781 (1.93/day)
Acer has reportedly been hit with a REvil ransomware attack covering financial spreadsheets, bank balances, and bank communications. The actors are demanding a 50 million USD ransom, which is one of the highest amounts ever demanded in a breach of this type. Acer has not confirmed the report, instead stating that they "reported recent abnormal situations" to the relevant authorities. Communication between REvil and Acer began on March 14th, with the attackers demanding payment in XMR cryptocurrency via a Tor website in return for the decryptor, a vulnerability report, and the deletion of stolen files. The cause of the attack appears to be a vulnerability in Microsoft Exchange which has now been patched but was not updated by Acer. The group is demanding payment before March 28th or the price will double to 100 million USD.





Acer said:
Acer routinely monitors its IT systems, and most cyberattacks are well defensed. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.

We have been continuously enhancing our cybersecurity infrastructure to protect business continuity and our information integrity. We urge all companies and organizations to adhere to cyber security disciplines and best practices, and be vigilant to any network activity abnormalities.

Joined
Mar 20, 2019
Messages
323 (0.41/day)
Location
Australia
My organisation received warning of the Exchange vulnerability and we had things patched within 24 hours of receiving the CERT notification. Our logs showed in the following days however that we had already been breached before we were able to get to patching. We thus had to rebuild our entire Exchange server from scratch and change credentials on all privileged accounts so as to mitigate any shenanigans.

This attack was swift and it's unfortunate Acer was stung. Hope they have good backups...
 
Joined
Apr 10, 2010
Messages
1,765 (0.44/day)
Location
London
"The actors are demanding a 50 million"

So now they're called "actors"
 
Joined
Oct 22, 2014
Messages
11,859 (4.96/day)
Location
Sunshine Coast
Joined
Aug 5, 2020
Messages
160 (0.58/day)
Don't they use Azure or AWS with proper security? They must have multiple backups and freeze their bank accounts and transactions temporarily!!!
 
Joined
Oct 18, 2013
Messages
2,641 (0.96/day)
Location
Left @Booneys Ave, go 22.96 miles then right 2 mi.
Yep, my company was on top of this and had things backed up in multiple places, thereby avoiding any disruptions in our services...whew.... so we dodged that one pretty well..

GO IT team :)
 
Joined
Mar 14, 2018
Messages
80 (0.07/day)
Just a quick note... the vulnerability was out in the wild for months before it was announced, so even if you were “quick to patch” you could easily have been hit.

The criminals behind the attack.
Used to be “bad actors” but I guess the bad part has been dropped so as not to offend any of those with a poor theatrical disposition :)
 
Joined
Dec 26, 2006
Messages
689 (0.13/day)
Location
Northern Ontario Canada
probably some users whose warranty was denied ;)
 
Joined
Mar 20, 2017
Messages
25 (0.02/day)
seems the windows environment has plenty of weak points.

any simple way to dodge this kind of attack?
 
Joined
Oct 22, 2014
Messages
11,859 (4.96/day)
Location
Sunshine Coast
seems the windows environment has plenty of weak points.

any simple way to dodge this kind of attack?
Disconnect from the internet.
Seriously, mission critical data should be intranet only.
 