PC giant Acer attacked by ransomware gangs — demanded $50 million to not leak on dark web — decrypt the company’s computers.

REvil Ransomware

Acer, Taiwan’s very own PC giant, hit by a ransomware attack by notorious ransomware group REvil.

Ransomware Evil(REvil/Sodinokibi) — a ransomware-as-a-service (RaaS) operation, over the past year it has extorted large amounts of money from organizations worldwide.

In addition, first appeared in April 2019 and rose to prominence after another RaaS gang called GandCrab shut down its service.

Follow Us on: Twitter, Instagram, Facebook to get the latest security news!

However, IBM Security X-Force estimated REvil hit at least 140 organizations since it appeared with wholesale, manufacturing, and professional services being the most frequently targeted industries.

Around 60% organizations from the US, followed by UK, Australia and Canada are gang’s victims.

Similarly, the threat actors targeted computer giant Acer, demanding the largest known ransom to date — $50,000,000.

Data Leak On Dark Web

Acer reported recent abnormal situations relevant to LEAs and DPAs but did not confirmed it as a REvil ransomware.

In addition, the company has already reported the issue to the relevant law enforcement and data protection authorities in multiple countries.

Yesterday, the ransomware gang announced — they had breached the allegedly stolen files and as proof shared some images of the data leaked on their site.

However, to BleepingComputer’s inquiries, Acer did not provide a clear answer regarding whether they suffered a REvil ransomware attack.

Huge Ransom Demand

Certainly, On March 14th, the Acer representative communicated REvil, the conversation shocked the victim as $50 million ransom demanded.

In return the ransomware gang would provide a decryptor, a vulnerability report, and the deletion of stolen files.

On the other hand, threat actor shared a link to the data leak page and also offered  20% discount if payment was made by this past Wednesday.

Security Actions

Moreover, researchers suspect that Revil gang recently targeted a Microsoft Exchange server on Acer’s domain.

If REvil did exploit the recent Microsoft Exchange vulnerabilities to steal data or encrypt devices, it would be the first time one of the big game-hunting ransomware operations used this attack vector.

However, below are security recommendations for the businesses to defend against ransomware attacks:

• Monitor privileged accounts for suspicious behavior.
• Block unneeded SMB and RPC communications between endpoints that can be used for lateral movement.
• Reduce the attack surface on endpoints with stricter access control rules on folders and processes.
• Secure network shares and train employees on how to detect phishing attempts
• Have a data backup process in place that stores backups offsite