Who saves the IT infrastructure when the IT team is in danger?
A group thought to have ties to Russian intelligence just hit Acer with a $50 million ransomware attack, likely accomplished by penetrating its systems through a new vulnerability in Microsoft Exchange.
Acer, a publicly traded Taiwanese company, has until March 28 to decide if it will pay the ransom to remove the REvil software. The attackers offered a 20% discount for a payment made by last Wednesday, but Acer didn’t bite. If the ransom is paid by March 28, the attackers will give Acer a file decryption key, a vulnerability report, and confirmed deletion of the stolen files.
But $50 million is the largest ransomware bounty ever requested, and it’s unclear if Acer will pay. The company has not publicly acknowledged the attack, but REvil sources and Bleeping Computer research have confirmed it. In a statement to Bleeping Computer, Acer said:
“Acer routinely monitors its IT systems, and most cyberattacks are well defensed. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.”
“We have been continuously enhancing our cybersecurity infrastructure to protect business continuity and our information integrity. We urge all companies and organizations to adhere to cyber security disciplines and best practices, and be vigilant to any network activity abnormalities.”
The REvil ransomware-as-a-service (RaaS) operation is also behind other recent ransomware attacks. Grubman Shire Meiselas & Sacks, former President Donald Trump, Lady Gaga, and Madonna are some of the software’s recent victims.
The Acer attack is the ransomware’s first go at an enterprise ransom, but it’s likely not the development team’s first large-scale attack. Because of similarity in code and style, cybersecurity experts believe REvil is an offshoot of GandCrab, a ransomware whose owners publicly retired in 2019.
Despite reporting a profit of over $2 billion with GandCrab, its creators decided to quit at the height of their publicity. Many believe that the group had internal factions, but other experts think law enforcement was gaining on the group, causing the team to disband.
Either way, Acer has a difficult decision to make in the coming week. Despite working with experts, paying the $50 million might be the only way to keep its client and distributor data private.
Bleeping Computer has the full story.