Computer Manufacturer Targeted by REvil Ransomware Gang
Computer and device manufacturer Acer is reportedly the target of a ransomware attack. The REvil ransomware gang has posted screenshots of data exfiltrated in the attack. REvil ransomware, also known as Sodinokibi or Sodin ransomware, typically targets large enterprise corporations with a perceived ability to pay their enormous ransom demands.
The ransom demand is a record-breaking $50,000,000 USD, larger than any other reported attack.
REvil ransomware attackers have posted the stolen Acer corporate data to their dark web news site.
REvil ransomware is not used by only one group of cybercriminals. The malware is distributed under a ransomware-as-a-service (RaaS) model. This is a marketing structure in which successful attackers using REvil pay a percentage of the ransom to the developers who maintain the code.
REvil attackers are known for ratcheting up the pressure to pay their ransom demand. The REvil gangs raise prices if the victim delays paying. They typically sell the stolen data on the dark web to the highest bidder if the demands are not met.
“Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries,” Acer said in response to an inquiry about the data.
Stolen Acer data includes financial data in the form of spreadsheets, bank balances, and banking-related communications, according to Bleeping Computer.
Acer – REvil Ransomware Negotiations
Cybersecurity researchers at TechTarget also discovered a dark web conversation between an Acer negotiator and the attackers. The messages began on March 14 with REvil offering a twenty percent discount if the ransom was paid by March 17. The price skyrockets to $100 million on March 28.
Travelex paid $2.3 million in ransom to the REvil attackers. Canadian agricultural company Agromart Group was also a victim.
Acer is a global computer, hardware, and electronic device manufacturer. The company is located in Xizhi, New Taipei City.
The Acer statement also said the company is in contact with law enforcement and cannot comment further.
How Do You Defend Against Ransomware?
- Ransomware is often sent via email, messaging apps, or online forums. Don’t click on links or download files from unknown sources.
- Malware attacks often take advantage of known vulnerabilities. Patch all hardware and software as soon as updates become available.
- Use a reliable anti-virus app to protect all computers and phones.
- Disable macros in Microsoft Office for Word Docs and Excel.
- Maintain a backup of all important data.