The REvil ransomware attacked the Taiwanese company Acer (the sixth largest computer manufacturer in the world, accounting for about 6% of all sales). The cybercriminals are demanding from the manufacturer $50,000,000 that is the largest ransom in history.At the end of last week, the hackers posted a message on their website that they had hacked Acer, and as proof of this statement they shared screenshots of the files allegedly stolen from the company. Published images include documents, financial spreadsheets, bank balances, and bank messages.
Acer representatives have already commented on what is happening, but so far they avoid talking openly about the ransomware attack. Instead, the company said that it had already reported the “emergency” to law enforcement agencies, but while the investigation continues, they cannot disclose details.
The Record reports that analysts at Malwarebytes were able to track down another hacker site on the darknet, where victims are negotiating a ransom with attackers. Here you can see that the Acer representative was shocked by the demand of $50 million, and the negotiations were at an impasse. Journalists note that at some point, REvil operators turned to threats and vaguely advised Acer “not to repeat the fate of SolarWinds”.
The $50,000,000 ransom is the largest to date. The previous “record” was $30,000,000: the same REvil operators demanded the same amount from the hacked Dairy Farm company.
According to Bleeping Computer, specialist Vitaly Kremez discovered that some time ago the REvil hack group was targeting a Microsoft Exchange server in the Acer domain.
Recently, the attackers behind the DearCry ransomware have already exploited ProxyLogon vulnerabilities to deploy the ransomware on vulnerable systems of small companies. Probably the REvil operators could have gone the same way.
Let me remind you that REvil spokesman boasts that hackers have access to ballistic missile launch systems.