A hacking group is demanding $50 million from Acer, Bleeping Computer reported, in what appears to be one of the biggest ransomware demands to date. According to Bleeping Computer, the attackers may have gained access to the Taiwanese computer manufacturer’s network via a Microsoft Exchange vulnerability. The REvil group that carried out a ransomware attack on Travelex last year is believed to be behind the Acer breach as well.
According to Bleeping Computer, the attack was carried out by the REvil hacker group, which announced on its data leak site that it had breached Acer. As proof, the group shared images of the alleged files they had stolen, which include financial spreadsheets, bank balances, and bank communications. If true, this would be the largest attempted ransom ever demanded. In 2020, the highest attempted ransom to date was $30 million, ZDNet reported.
REvil is the same group linked to the Travelex attack in 2020. Reports from that time stated the group had asked for a $6 million ransom. In the end, the company supposedly paid the REvil group roughly $2.3 million worth of bitcoin.
When asked about the situation, Acer wouldn’t admit that it was a ransomware attack, only telling Bleeping Computer in a statement that it has “reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.” It was Advanced Intel’s Andariel cyberintelligence platform that tied the security breach to a Microsoft Exchange vulnerability. If you’ll recall, Microsoft recently released patches for four Exchange vulnerabilities that bad actors have been exploiting. It’s believed that a Chinese state-sponsored was behind most of the attacks involving the Exchange flaws, but other groups may have also taken advantage.
