Acer, a well-known Taiwanese computer and monitor manufacturer, has been infected with REvil ransomware, and the cybercriminals are demanding a $50 million ransom, one of the most expensive ransoms in history.
The announcement of the intrusion was made on Thursday (18) by the REvil ransomware operators themselves on the group’s website, where they also shared some files and images, allegedly stolen from Acer, as evidence. The leaked files and images include financial spreadsheets and bank transaction details.
According to Bleeping Computer, which contacted Acer to confirm the case and request a statement in response to the cybercriminals’ allegation, the company’s response was unclear:
“Acer routinely monitors its IT systems and most cyber attacks are well defended. Companies like us are constantly under attack and we report recent abnormal situations observed to the relevant police and data protection authorities in several countries,” an Acer spokesman told Bleeping Computer.
The cybercriminals offered a 20% discount for payment until March 17. As payment was not made, samples were leaked on the group’s website. Now they are asking for $50 million, which must be paid by March 28th. After that date, if not paid, the amount of the ransom doubles to US$100 million.
According to Bleeping Computer, the group is demanding payment in exchange for a tool to decrypt the data, a vulnerability report and the promise to delete the stolen files. The cybercriminals also ask the company to pay “not to repeat SolarWinds’ fate.”
The $50 million ransom demand is one of the largest ever made in a ransomware campaign. In January of this year, the same REvil ransomware encrypted the data of the Asian company Dairy Farm and asked for a $30 million ransom, which was the highest amount demanded in 2020, according to a retrospective by Palo Alto Networks.
Advanced Intelligence CEO Vitali Kremez said that the cybercriminals possibly exploited vulnerabilities in Microsoft Exchange to infect Acer, exploitation that grew 1028% in the second week of March.
“Advanced Intelligence’s Andariel cyberintelligence system detected that a REvil affiliate, in particular, was looking for Microsoft Exchange”, concludes Kremez in an interview with BleepingComputer.
Sources: Bleeping Computer; LeMagIT; SearchSecurity; The Hack.
See the original post at: https://thehack.com.br/fabricante-de-notebooks-e-infectada-por-ransomware-revil-que-pede-us-50-milhoes-pelo-resgate/?rand=48873