Acer Ransomware Attack: $50 Million Ransom Demand Issued

The REvil ransomware gang gained access to the systems of the Taiwanese computer giant Acer and stole sensitive data before encrypting files. It has been confirmed that a $50 million ransom demand was issued for the keys to unlock the encrypted files and to ensure the stolen files are deleted. That demand is set to double to $100 million if prompt payment is not made.

According to Bleeping Computer, over the weekend, the REvil gang published a sample of data stolen from Acer on its data leak site. The leaked data includes financial spreadsheets, bank communications, and other sensitive information. Acer has publicly confirmed that it has reported “recent abnormal situations,” which were discovered in March 2021, to appropriate law enforcement and data protection authorities in multiple countries, but did not confirm that it had suffered a ransomware attack.

The $50 million ransomware demand is believed to be the largest ever demand issued to a company to resolve a ransomware attack and beats the REvil gang’s previous highest ransom demand by around $20 million. According to Bleeping Computer, a 20% discount was offered if payment was made before March 17, 2021. It is unclear whether the ransom has been, or will be, paid.

Few details have been released about the attack, including how the REvil gang gained access to Acer’s systems, although the attack has been linked to the recently discovered ‘Hafnium’ vulnerability in Microsoft Exchange, according to Flashpoint Director of Research, Vitali Kremez. The gang is not known to have targeted the vulnerability previously.

The group is highly active and has claimed responsibility for 9 ransomware attacks in Africa, Europe, Mexico and the U.S. in the past two weeks. The victims include two law firms, a construction company, an agricultural co-op, and an architectural firm in the United States, a Mexican and African bank, and a manufacturer in Europe.

The REvil gang was also responsible for the ransomware attack on Travelex, which took its systems offline for more than 2 weeks starting on New Year’s Eve 2019. A $3 million ransom demand was issued in that case, which doubled to $6 million but was eventually negotiated down to around $2.3 million.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news