REvil ransomware operators posted nine screenshots on their website this evening that they claim come from computer maker Acer. Acer is currently the sixth largest computer manufacturer in the world. Computers in the financial area appear to have been hacked: of the nine screenshots presented, one refers to balances in several bank accounts. Most of the screenshots show data on bank transactions or data associated with customer and branch balances.
In addition to displaying the screenshots, the operators warn that they will dump data soon. However, the REvil operators do not make clear whether they are attempting extortion over stolen data or whether they were able to encrypt workstations and servers.
REvil is currently known as one of the ransomware platforms that has earned the most money for its creators. The ransomware group REvil, also known as Sodinokibi or Sodin, is known for using double extortion tactics against its victims (one of whom was former US President Donald Trump) and for its robust ransomware-as-a-service operation, in which developers sell malware to customers or "affiliates" who launch their own campaigns.
Among its most recent victims is, for example, Banco Inmobiliario Mexicano, hit last week. Also last week, one of its founding members gave an interview to The Record portal, saying that several members had access to weapons systems in the U.S., including one for missiles.
The average ransom paid to ransomware cybercriminals increased from $115,123 in 2019 to $312,493 in 2020. And in 2020, the highest ransomware demand rose from $15 million to $30 million.
With international news agencies