Acer REvil Ransomware Attack: Status and Recovery Update


REvil ransomware has attacked Acer and demanded a $50 million extortion from the PC giant, according to BleepingComputer. The attack may have exploited the recent Microsoft Exchange vulnerabilities, the report speculated, though that angle has not been publicly confirmed.

The details so far, according to BleepingComputer, include:

1. Acer’s Statement: The PC giant has not confirmed the REvil ransomware attack actually occurred. Acer told BleepingComputer: “There is an ongoing investigation and for the sake of security, we are unable to comment on details.”

2. Leaked Documents: The hackers leaked documents allegedly from Acer, including financial spreadsheets, bank balances, and bank communications.

3. Attack Timing: The attack started on March 14, 2021.

4. Hacker Demand: $50 million.

5. Discount Offer: The attackers offered a 20 percent discount if payment was made by March 17, 2021.

6. Exhange Server Vulnerability Exploited? The Revil gang recently targeted a Microsoft Exchange server on Acer’s domain.

7. Attack Impact: The report did not say which portion of Acer’s network was allegedly hit by the attack nor did it describe the alleged damage.

8. Earlier REvil Attacks: The hacker group auctioned off sensitive data in 2020 hijacked from companies in an arm-twisted move to force victims to pay up or else. Also, the group attacked two large food distributors in 2020.

9. Multiple Ransomware Attacks: Organizations that are also dealing with recent ransomware attacks include Buffalo Public Schools and Molson Coors Beverage Company.

10. How MSPs Can Mitigate Ransomware Attack Risks: To safeguard your MSP business and clientele from ransomware attacks, follow this tip sheet.

Source…