Acer Computer Giant Hit Hard by REvil Ransomware - $50 Million Ransom

Last week, the Bleeping Computer reported that computer giant Acer was hit hard by a REvil ransomware attack with a hefty $50 million price tag. 

What Happened?

Last week REvil’s data leak website showed images stolen from Acer in the ransomware attack as proof. Some of the data leaked included financial statements, spreadsheets, bank communications, and bank account balances. 

The Bleeping Computer tried to get a comment from Acer, but they only responded that they ”reported recent abnormal situations” to relevant LEAs and DPAs.”

According to The Bleeping Computer their complete response reads, “Acer routinely monitors its IT systems, and most cyberattacks are well defensed. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.”

”We have been continuously enhancing our cybersecurity infrastructure to protect business continuity and our information integrity. We urge all companies and organizations to adhere to cybersecurity disciplines and best practices and be vigilant to any network activity abnormalities.” - Acer.”

Stating security reasons, Acer declined to comment any further about the incident, simply saying that “there is an ongoing investigation and for the sake of security, we are unable to comment on details.”

The Details

The ransom note left on Acer’s system reads like a software ad with icons and a description of the “General-Decryptor” software needed to unlock all the files, photos, and databases. 

The shocking demand of $50 million doubles to $100 million if not paid within eight days. 

Experts claim that this is the most significant known ransomware demand so far. Threat actors know that Taiwanese company Acer has deep pockets with 7,000 employees and annual revenue of $7.8 billion. Acer makes monitors, desktop computers, and laptops. 

According to The Bleeping Computer a chat with hackers revealed that “The attackers also offered a 20% discount if payment was made by this past Wednesday. In return, the ransomware gang would provide a decryptor, a vulnerability report, and the deletion of stolen files.”

At one point, the REvil operation offered a cryptic warning to Acer ‘to not repeat the fate of the SolarWind.’”

There is no word yet whether or not Acer chose to pay the $50 million ransom or ride it out. 

Is it Related to the Microsoft Exchange Issues?

Recently news broke of various Microsoft Exchange bugs putting users at risk. The Bleeping Computer was informed that “Advanced Intel’s Andariel cyber intelligence platform detected that the Revil gang recently targeted a Microsoft Exchange server on Acer’s domain.”

The REvil gang has a history of using Microsoft Exchange as a point of entry. 

How Companies Can Stay Safe from Ransomware

Big companies are becoming targets for ransomware more often, especially those with a healthy bottom line. Some ways companies can stay safe from ransomware are: 

• Educate all employees all the way up through management on cybersecurity and safety.

• Watch out for phishing emails.

• Keep abreast of any cyber threats and system vulnerabilities. 

• Update hardware and software as soon as security patches are available.

• Run good, strong antivirus/anti-malware on every device.

• Disallow outside devices that could be infected with malware to connect to your network. 

• Never click links or download attachments in emails.

• Verify everything before taking any action or sharing information. 

• Verify the sender of all emails. 

• Use strong passwords and never reuse them on multiple accounts. 

• Keep good backups of the entire network if something happens, and you need to restore all systems back to normal.