The REvil ransomware gang is demanding $50 million from Taiwanese computer manufacturer Acer, according to Bleeping Computer, The Record and other sources, and it may have exploited a Microsoft Exchange vulnerability to gain entry into the company’s network. That’s one of the largest — if not the largest — ransomware demands to date, likely made because Acer is a massive corporation that reported almost $3 billion in earnings for the fourth quarter of 2020.
The group, which was also behind the $6 million ransomware attack on Travelex last year, announced on a dark web portal earlier this week that it had breached Acer, posting some images as proof. It’s apparently giving the company until March 28th to pay up before it leaks the stolen data on the web. In a conversation between REvil and an Acer rep that Bleeping Computer saw, the hackers offered the company a 20 percent discount if payment was made this past Wednesday.
When asked about the situation, Acer wouldn’t admit that it was a ransomware attack, only telling Bleeping Computer in a statement that it has “reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.” It was Advanced Intel’s Andariel cyberintelligence platform that tied the security breach to a Microsoft Exchange vulnerability. If you’ll recall, Microsoft recently released patches for four Exchange vulnerabilities that bad actors have been exploiting. It’s believed that a Chinese state-sponsored group was behind most of the attacks involving the Exchange flaws, but other groups may have also taken advantage.