December 9, 2023

Computer giant Acer has been hit by a REvil ransomware attack where the threat actors are demanding the largest known ransom to date, $50,000,000.

The ransomware gang announced on their data leak site that they had breached Acer and shared some images of allegedly stolen files. These leaked images are for documents that include financial spreadsheets, bank balances, and bank communications.

Acer data leak on REvil ransomware site

“Acer routinely monitors its IT systems, and most cyberattacks are well defensed. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.”

“We have been continuously enhancing our cybersecurity infrastructure to protect business continuity and our information integrity. We urge all companies and organizations to adhere to cyber security disciplines and best practices, and be vigilant to any network activity abnormalities.” – Acer.

Highest ransom demand

The attackers also offered a 20% discount if payment was made by this past Wednesday. In return, the ransomware gang would provide a decryptor, a vulnerability report, and the deletion of stolen files.

Acer ransom demand on Tor payment site

The REvil operation offered a cryptic warning to Acer “to not repeat the fate of the SolarWind.” REvil’s $50 million demand is the largest known ransom to date.

Possible Microsoft Exchange exploitation

The REvil gang recently targeted a Microsoft Exchange server on Acer’s domain.

Andariel feed showing targeting of Acer Exchange Server

The threat actors behind the DearCry ransomware have already used the ProxyLogon vulnerability to deploy their ransomware, but they are a smaller operation with fewer victims. If REvil did exploit the recent Microsoft Exchange vulnerabilities to steal data or encrypt devices, it would be the first time one of the big game-hunting ransomware operations used this attack vector.