Acer hit by a $50 million ransomware attack: Report
A hacker group has demanded $50 million in ransom from Taiwanese PC maker Acer, according to Bleeping Computer. Attackers reportedly gained access to Acer’s network by exploiting a Microsoft Exchange vulnerability.
The hacker group has given Acer until March 28 to pay the ransom; otherwise, it will publish the data it claims to have accessed.
The report further said that a group known as ‘REvil’ was behind the attack on Acer. The same group is said to be responsible for last year’s ransomware attack on Travelex, a London-based foreign currency exchange.
Acer did not explicitly confirm the ransomware attack but said the following in a statement: “The company routinely monitors its IT systems, and most cyberattacks are well defensed. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.”
The report also notes that it was the highest known ransom demand to date. Interestingly, the hackers also offered a discount of 20% if the company made the payment by Wednesday. In return, the attackers would give the company a decryptor, a vulnerability report, and delete the stolen files. During the conversation between Acer representatives and the hacker group, the attackers also warned the company against repeating the fate of SolarWinds.
Advanced Intel’s Andariel cyber intelligence platform was able to detect that the REvil group had targeted Acer’s network. It also detected that the security breach was linked to one of the vulnerabilities in Microsoft Exchange.
Microsoft had recently rolled out critical security patches to fix the Exchange vulnerabilities. Until now, Chinese hackers were said to be behind the attacks using the Exchange exploits. But it looks like other hacker groups are also using the exploit, according to Engadget.
A Check Point Research report revealed that a total of 32 organisations in India were targeted by hackers who exploited vulnerabilities in Microsoft Exchange servers.