Acer was attacked by the REvil group, which placed the ransomware virus of the same name on the company’s servers and demands a ransom of $ 50 million from a well-known Taiwanese manufacturer of laptops, desktops and monitors. As evidence, the hackers provided part of the list of data to which they gained access. It includes financial statements, bank credit accounts, other financial documents, and employee information.

As the resource writes BleepingComputer, in a conversation with reporters, a company representative did not directly answer the question of whether they were really attacked by REvil. He only noted that they “Reported abnormal situations” to the relevant law enforcement agencies.

Screenshot of one of the financial documents of Acer, which ended up in the hands of hackers REvil

The full statement by an Acer employee is as follows:

“Acer regularly monitors its IT systems and is well protected from most cyber attacks. Companies like ours are quite often subjected to hacker attacks. We have reported recent incidents to law enforcement and data protection law enforcement agencies in several countries. We are constantly improving our cybersecurity infrastructure to protect our business and the integrity of our information. We strongly recommend that all companies and organizations do not neglect cybersecurity and be vigilant against any disruption to network activity. “.

When asked for more details, Acer replied that “An investigation is underway and for security reasons the company cannot comment on the situation in more detail.”.

French edition LegMagIT managed to find the message of the hackers REvil company Acer. In it, they demand to pay $ 50 million by March 28. For this, the hackers will provide Acer with a decryptor to decrypt the encrypted files. If the company does not pay by the specified date, then the buyback price will double.

Acer REvil hacker demand message

Resource BleepingComputer it was found out that one of the representatives of Acer had a meeting with a representative of the hacker group REvil on March 14. The amount of the ransom puzzled him to say the least. During the same conversation, a REvil spokesperson shared a link to a website that listed a list of documents the hackers had access to. In addition, cybercriminals have offered Acer a 20% cut in the ransom if the company pays them before Wednesday. Together with a decryptor for decrypting files, the attackers promised to delete the stolen files, as well as provide a report on the vulnerability through which they hacked into Acer servers. To be convincing, the REvil representative threatened “Do not repeat the fate of SolarWind”.

The ransom demand of $ 50 million is the largest known, notes BleepingComputer… In the past, Dairy Farm, a Hong Kong retailer whose servers were also hacked by the hacker group REvil, faced the largest ransom demand of $ 30 million.

According to Vitali Kremez, head of cybersecurity firm Advanced Intelligence, their Andariel platform discovered that a recent target of the REvil hackers was the Microsoft Exchange Server platform located in the domain owned by Acer.

“Advanced Intelligence’s Andariel system discovered that one particular group of hackers associated with REvil recently attempted to infect Acer’s Microsoft Exchange Server.”, – shared Kremez in a conversation with BleepingComputer.

Hacking log discovered by the Andariel platform

The source indicates that the ProxyLogon vulnerability in Microsoft Exchange Server has previously been used by hackers to populate the DearCry ransomware virus. However, the scale of the hack was much smaller back then.