Taiwanese electronics giant Acer has reportedly suffered a disastrous REvil ransomware attack and to make it worse, has received a ransom demand of 428302 XMR (£35.9 million), a record for the ransomware operations industry.
The ransomware attack that struck Acer, which earned a revenue of over £7 billion in 2020 thanks to a surge in demand for gaming PCs, notebooks, and Chromebooks, reportedly involved the use of the REvil ransomware. REvil is a popular ransomware variant that was also used by hackers to force Travelex to cough up $2.3 million in ransom last year.
According to Bleeping Computer which first broke the news, the REvil ransomware gang is threatening to double the ransom figure in case Acer fails to pay the £35.9 million by March 28. The hackers have the electronics giant’s financial spreadsheets, bank balances, and bank communications using which they are attempting to extort the company into paying up.
Acer is yet to acknowledge the ransomware attack publicly. The company, however, has let in on the fact that it has reported a “recent” abnormal situation to law enforcement and data protection authorities. Here’s the company’s statement that was shared with multiple news agencies:
“Acer routinely monitors its IT systems, and most cyberattacks are well defensed. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.
“Acer discovered abnormalities from March and immediately initiated security and precautionary measures. Acer’s internal security mechanisms proactively detected the abnormality, and immediately initiated security and precautionary measures.”
While complete details of the ransomware attack are still not available, the REvil ransomware gang has reportedly uploaded an ‘Auction list’ of Acer data on its dark web “leaks” site. This could be a bluff to force Acer to pay up quickly or hackers may have obtained vast amounts of data from the company’s breached systems.
“The attack on Acer with a $50M ransom is very concerning, and we believe it may lead to a cycle of attacks that target more companies with even larger ransoms,” says Ralph Pisani, president at Exabeam. “Ransomware remains a security Achilles heel. Understanding ‘normal’ versus ‘abnormal’ behaviour sheds light on the presence of ransomware, yet far too few organisations are able to see the canary in the coal mine.
“Organisations that do reconnaissance, taking the time to understand normal behaviour, will uncover the ransomware as abnormal before it strikes. If organisations want to detect ransomware before it’s too late, user and entity behavior analytics (UEBA) is the only technology that can detect behavioural deviation and spot malicious activity at far earlier stages of an attack.
“Since ransomware strikes fast, the window of opportunity for killing and cutting it out is small. Traditional correlation rules do not work because they require too many rules and generate far too many false positives. Organisations without advanced analytics in SecOps are extremely vulnerable to being preyed upon by ransomware,” he adds.