According to Bleeping Computer, The Record and other sources, the REvil ransomware gang has demanded $50 million from Taiwanese computer maker Acer and may have exploited a Microsoft Exchange vulnerability to gain access to the corporate network. This is one of the biggest, if not the biggest, ransom demands to date, likely because Acer is a massive company that made nearly $3 billion in profits in the fourth quarter of 2020.
The group, which was also behind the $6 million ransomware attack on Travelex last year, announced on a dark web portal earlier this week that it had breached Acer, and even posted some pictures as evidence. It appears to give the company until March 28th to pay before the data stolen from the web is lost. In a conversation between REvil and a representative from Acer that Bleeping Computer saw, the hackers offered the company a 20 percent discount if payment was made last Wednesday.
When asked about the situation, Acer did not admit that it was a ransomware attack, merely providing Bleeping Computer with a statement that it “reported unusual situations to recent law enforcement and data protection agencies in several countries.” It was Advanced Intel’s Andariel Cyberintelligence Platform that linked the breach to a Microsoft Exchange vulnerability. If you recall, Microsoft recently released patches for four Exchange vulnerabilities that were being exploited by bad actors. A Chinese state-sponsored group is believed to be behind most of the Exchange bug attacks, but other groups may have taken advantage of the vulnerabilities as well.