Acer has been the target of a REvil ransomware attack, with the attackers demanding $50 million from the company to decrypt the data and not leak sensitive information on the web. This makes it the largest ransom demand ever made by a ransomware group.
The REvil ransomware group is one of the most notorious hacking groups out there. The same group is also responsible for the Dairy Farm hack and its $30 million ransom demand. Acer is the world's sixth-largest computer maker, so the record-high ransom amount should not come as a surprise.
Acer Was Offered a 20% Discount on the Ransom Amount
The ransomware group revealed on the dark web last week that they had breached Acer's servers in early March and encrypted their back-office files. The breach has not affected Acer's production systems in any way. It also did not prevent the company from posting its financial results on March 17.
However, since REvil has hacked Acer's back-office network, they can access sensitive files like bank balances, bank communications, and financial spreadsheets. They have posted screenshots on the dark web of the files they have access to as proof.
BleepingComputer was also able to access the chats between an Acer representative and the attackers. The Acer negotiator initially expressed shock at the massive $50 million ransom demand. For their part, the ransomware group had offered Acer a 20% discount if they made the payment by March 17, though that did not happen.
If Acer meets their demand and pays them $50 million by March 28, the REvil group will share a decryptor to decrypt the encrypted files. Additionally, they will share a vulnerability report and delete all stolen files they have gained access to.
However, if Acer does not meet the demand by March 28, the hacker group will double their ransom demand to $100 million.
Acer Downplays the Attack
Acer has downplayed the attack and has not confirmed whether they have been the subject of a REvil ransomware attack or not.
Below is Acer's full response:
Acer routinely monitors its IT systems, and most cyberattacks are well defensed. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries. We have been continuously enhancing our cybersecurity infrastructure to protect business continuity and our information integrity. We urge all companies and organizations to adhere to cyber security disciplines and best practices, and be vigilant to any network activity abnormalities.
Eventually, the company did confirm an "ongoing investigation" and said it could not provide any further information on this matter for security's sake.
Advanced Intel's Andariel cyber intelligence platform detected that the REvil gang targeted a vulnerability in the Microsoft Exchange server on Acer's domain for the hack. Microsoft had recently released a single-click security fix for some Exchange Server vulnerabilities.