Tech Giant Acer Hit by REvil Ransomware – Attackers Demanding $50,000,000 Ransom
Taiwanese computer maker Acer has been hit by a REvil ransomware attack in which the threat actors are demanding the largest known ransom to date, $50,000,000.
Acer is the world’s sixth-largest PC vendor by unit sales as of January 2021 and is well known for laptops, desktops, and displays.
Who is REvil?
A Computer Weekly report calls REvil “one of the most active and dangerous ransomware threats in the wild.” REvil, also known as Sodinokibi, was first discovered in 2019 by Cisco Talos.
McAfee’s Advanced Threat Research (ATR) team shared insights into how affiliates use REvil, including distributing the ransomware via spear-phishing and weaponized documents.
These documents – batch files that download payloads from Pastebin to processes on the target OS – compromise remote desktop protocols (RDPs) and make use of script files and password cracking tools to distribute them over the target network.
REvil generally demands ransoms between 0.44 and 0.45 bitcoin, which is approximately $4,000.
The ransomware gang announced on their data leak site that they had breached Acer and shared some images of allegedly stolen files as proof.
The leaked images are of documents that include financial spreadsheets, bank balances, and bank communications.
Acer Ransom Demand
Valery Marchive of LeMagIT found the REvil ransomware sample used in the Acer attack, which demanded a whopping $50 million ransom.
In conversations between the victim and REvil, which started on March 14th, the Acer representative expressed shock at the massive $50 million demand. Later in the chat, the REvil representative shared a link to the Acer data leak page, which was secret at the time.
The attackers also offered a 20% discount if payment was made by this past Wednesday. In return, the ransomware gang would provide a decryptor, a vulnerability report, and the deletion of stolen files.
At one point, the REvil operation offered a cryptic warning to Acer “to not repeat the fate of the SolarWind.”
REvil’s $50 million demand is the largest known ransom to date, with the previous being the $30 million ransom from the Dairy Farm cyberattack, also by REvil.
Possible Microsoft Exchange exploitation
“Advanced Intel’s Andariel cyberintelligence system detected that one particular REvil affiliate pursued Microsoft Exchange weaponization”, says Vitali Kremez.
If REvil did exploit the recent Microsoft Exchange vulnerabilities to steal data or encrypt devices, it would be the first time one of the big game-hunting ransomware operations used this attack vector.
Source credit : cybersecuritynews.com