Taiwanese tech giant Acer is the latest company to fall victim to relentless hackers. What makes the Acer breach especially noteworthy is that the group behind the attack is demanding a fifty-million-dollar ransom, which is the highest figure any group has ever demanded. The only thing that even comes close was another REvil attack, this one against a Dairy Farm, where the hackers demanded a hefty thirty-million-dollar ransom.
The company was struck with the REvil ransomware. As is increasingly common in these types of attacks, the group made off with a wide range of sensitive company data before encrypting the company’s files. As proof of their misdeeds, they published a small fraction of it and threatened to release the rest if their demands aren’t met. Based on the sample, it appears that the group made off with a variety of financial spreadsheets, bank balance information and assorted banking communications.
In addition to the sheer size of the ransom, another point of interest where this attack is concerned is that the group behind it seems to have exploited recently reported Microsoft Exchange Server vulnerabilities to execute the attack and successfully breach Acer’s defenses. If indeed this proves to be the case, it marks the first time one of the “big game-hunting” ransomware groups has utilized that particular exploit.
Acer’s formal response to the incident, which is still under investigation, reads as follows:
“Acer routinely monitors its IT systems, and most cyberattacks are well defensed. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.
We have been continuously enhancing our cybersecurity infrastructure to protect business continuity and our information integrity. We urge all companies and organizations to adhere to cyber security disciplines and best practices, and be vigilant to any network activity abnormalities.”
Dark days for Acer, and it should put everyone in the IT field on notice. No one is safe.