Acer Faced With Ransom Up To $100 Million After Hackers Breach Network
Computer giant Acer has been hit by a REvil ransomware attack in which the criminals are demanding a massive $50 million.
Cause of the Breach:
The hackers accessed Acer documents that include financial spreadsheets, bank balances, and bank communications, and reportedly compromised the network via a Microsoft Exchange server vulnerability.
The Cyber team detected that the REvil gang targeted a Microsoft Exchange server on Acer’s domain.
Highest known ransom demand:
The ransomware gang announced on their data leak site that they had breached Acer and shared some images of allegedly stolen files as proof.
The attackers also offered a 20% discount if payment was made by a certain time. In return, the ransomware gang would provide a decryptor, a vulnerability report, and the deletion of stolen files.
At one point, the REvil operation offered a cryptic warning to Acer “to not repeat the fate of the SolarWind.”
This attack was carried out by five different hacking groups (including a China-backed hacking group called ‘Hafnium’), which exploited vulnerabilities in Microsoft’s business email servers.
Remediation:
● Microsoft has already released an emergency patch for its Exchange Server product, the most popular mail server worldwide.
● The Cyber Defense team runs malware scans that detect installed web shells, and removes the threats that are detected.
● More importantly, to mitigate attacks, teams need to conduct regular security assessments and ensure that the latest security patches are tested and deployed as soon as they are available.
● Teams keep multiple copies of backups and encrypt confidential data so they can lean on them to restore systems and operations.