REvil Ransomware Targets Acer with $50 Million Demand

Taiwanese company Acer, the world’s sixth-largest computer manufacturer with about 6% of global sales, has fallen victim to a ransomware attack by the REvil group. The attackers are demanding a record-breaking ransom of $50 million from the company.

Late last week, the hackers posted a message on their website claiming they had breached Acer’s systems. To prove their claim, they shared screenshots of files allegedly stolen from the company. The published images include documents, financial spreadsheets, bank balances, and banking communications.

Acer representatives have already commented on the situation but have avoided directly confirming a ransomware attack. Instead, the company stated that it has reported an “abnormal situation” to law enforcement authorities but cannot disclose details while the investigation is ongoing.

Negotiations and Threats

According to The Record, Malwarebytes analysts tracked another hacker site on the dark web where victims negotiate with the attackers. It was revealed that an Acer representative was shocked by the $50 million demand, and negotiations quickly stalled. At one point, the REvil operators even issued threats, vaguely warning Acer not to “repeat the fate of SolarWinds.”

Largest Ransom to Date

The $50 million ransom is the largest ever demanded in such an attack. The previous record was $30 million, which REvil demanded from Dairy Farm, another company they targeted.

Possible Exploitation of Microsoft Exchange Vulnerabilities

Bleeping Computer reports that cybersecurity expert Vitali Kremez discovered that the REvil group had recently targeted a Microsoft Exchange server in Acer’s domain. Notably, attackers behind the DearCry ransomware have already used ProxyLogon vulnerabilities to deploy ransomware on vulnerable systems at smaller companies. It is likely that REvil operators used a similar method in this attack.
