Ransomware demand of $50M from Acer is the biggest ever.
The biggest ransomware attack in history was observed on 18th March 2020 when cybercrime syndicate REvil demanded $50M from the PC manufacturer, Acer.
The details were revealed when REvil hackers published on their dark web leak sites that negotiations between them and the Taiwan-based firm had initially broken down.
Investigations confirm that the ransomware demand sits at a hefty amount of $50M which is to be paid in the Monero cryptocurrency.
The gang initially offered a 20% discount on their original demand with the condition that the money is handed over by 17th March and on the other hand, Acer’s negotiators had offered $10M.
As of yet, the gang has demanded that the money be paid until 28th March after which point the ransom will be doubled.
Acer gave their statement in which they stated that “there is an ongoing investigation and for the sake of security, we are unable to comment on details” but did not confirm that the REvil ransomware attack actually occurred.
As seen by Hackread.com, the hackers leaked documents allegedly belonging to Acer including financial spreadsheets, bank balances, and bank communications.
Screenshot shows Acer documents on REvil ransomware gang’s official dark web domain (Image source: Hackread.com)
The attack started on 14th March 2021 and the attack basically included exchange server vulnerability exploitation where the REvil gang targeted the Microsoft Exchange server on Acer’s domain.
However, the report did not say which portion of Acer’s network was allegedly hit by the attack nor did it describe the alleged damage.
There are still only limited infections of a new strain of ransomware – DearCry – which have been observed taking place via ProxyLogon but this would be the first public disclosure of a major ransomware operation exploiting the vulnerabilities and this, in turn, leave on-premise Microsoft Exchange Servers to takeover.
Previous attacks by REvil hackers
Some of the other ransomware attacks by REvil include them extorting a New York-based law firm in May last year, threatening to release sensitive files on the company’s celebrity clients unless the firm paid a $42M ransom demand.
Before that, the group hit Travelex during the 2020 New Year’s Eve, which resulted in the company’s online services being put offline two weeks following the incident.
In September 2020, the State Bank of Chile also suffered a cyberattack from REvil group and asked to pay the ransom. Moreover, in December 2020,
Regarding the Acer attack itself, Ralph Pisani, president at Exabeam, commented that this large-scale attack represents how increasingly sophisticated cybercriminals have gotten with their attacks.
“The attack on Acer with a $50M ransom is very concerning, and we believe it may lead to a cycle of attacks that target more companies with even larger ransoms. Ransomware remains a security Achilles heel. Understanding ‘normal’ versus ‘abnormal’ behavior sheds light on the presence of ransomware, yet far too few organizations are able to see the canary in the coal mine.”
“However, organizations that do reconnaissance, taking the time to understand normal behavior, will uncover the ransomware as abnormal before it strikes. If organizations want to detect ransomware before it’s too late, user and entity behavior analytics (UEBA) is the only technology that can detect behavioral deviation and spot malicious activity at far earlier stages of an attack.”
“Since ransomware strikes fast, the window of opportunity for killing and cutting it out is small. Traditional correlation rules do not work because they require too many rules and generate far too many false positives. Organizations without advanced analytics in SecOps are extremely vulnerable to being preyed upon by ransomware.”