The ransomware gang known as ‘REvil’ stole confidential files from computer giant Acer and demanded an unprecedented ransom of US$50 million. To prove their claim of having hacked into the Taiwanese company’s network, the group also posted online images of allegedly stolen spreadsheets, bank balances, and bank texts.
According to security researchers, hackers may have exploited a Microsoft Exchange vulnerability to gain entry into the company’s network. The $50 million demand made of Acer is the largest ransom demand ever to become publicly known, Callow said, larger than the $42 million REvil wanted from celebrity law firm Grubman Shire Meiselas & Sacks, which counted Nicki Minaj, Mariah Carey, and LeBron James among its clients.
When asked about the situation, Acer wouldn’t admit that it was a ransomware attack, only telling Bleeping Computer in a statement that it has “reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.” In response to a request for further details, Acer replied, “there is an ongoing investigation and for the sake of security, we are unable to comment on details.”
According to The Record’s report, Acer’s name appeared on the REvil ransomware group’s list of companies that do not pay extortion fees. With the help of malware intelligence analyst Marcelo Rivero, The Record managed to track down the gang’s other dark web portal, which clearly displayed the $50 million ransom the gang was demanding from Acer and the online chat the gang was using to communicate with the company’s representatives.
Before the attack, Advanced Intel’s Andariel cyberintelligence platform detected that the REvil gang recently targeted a Microsoft Exchange server on Acer’s domain and used the ProxyLogon vulnerability to install their ransomware.