Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

ACER Hit with Largest Known Ransomware Demand Yet: $50 Million

March 24, 2021

BleepingComputer reported on March 19 that computer giant Acer has been hit by a REvil ransomware attack where the cybercriminals are demanding the largest known ransom to date, $50,000,000.

Acer is a Taiwanese electronics and computer maker known for laptops, desktops, and monitors. Acer employs approximately 7,000 employees and had revenues of $7.8 billion in 2019.

On March 18, REvil announced on their data leak site that they had breached Acer and shared images of allegedly stolen files to prove it. The leaked images included financial spreadsheets, bank balances, and bank communications.

In response to BleepingComputer’s inquiries, Acer did not provide a clear answer regarding whether they suffered a REvil ransomware attack.

Acer’s complete response was:

“Acer routinely monitors its IT systems, and most cyberattacks are well defensed. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.

We have been continuously enhancing our cybersecurity infrastructure to protect business continuity and our information integrity. We urge all companies and organizations to adhere to cyber security disciplines and best practices, and be vigilant to any network activity abnormalities.”

In response to requests for further details, Acer said “there is an ongoing investigation and for the sake of security, we are unable to comment on details.”

The REvil ransomware sample used in the Acer attack that demanded a whopping $50 million ransom was seen by BleepingComputer.

In conversations between the victim and REvil, which started on March 14th, the Acer representative manifested shock at the massive $50 million demand.

The REvil representative shared a link to the Acer data leak page, which was secret at the time.

The attackers offered a 20% discount if payment was made by March 17. In return the ransomware gang would provide a decryptor, a vulnerability report, and the deletion of stolen files.

The REvil operation warned Acer “to not repeat the fate of the SolarWind.”

REvil’s $50 million demand is the largest known ransom to date, with the previous being the $30 million ransom from the Dairy Farm cyberattack, also by REvil.

Apparently, Advanced Intel’s Andariel cyberintelligence platform detected that the REvil gang recently targeted a Microsoft Exchange server on Acer’s domain.

If REvil did exploit the recent Microsoft Exchange vulnerabilities to steal data or encrypt devices, it would be the first time one of the major ransomware gangs has used this attack vector.

$50 million is one heck of a price tag. Undoubtedly, more developments to follow . . .

Sharon D. Nelson, Esq., PresidentSensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email:  Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson