Acer reportedly hit by $50 million ransomware attack

And the attackers may have used a Microsoft Exchange vulnerability to gain entry into Acer's systems.


Mariella Moon
March 20th, 2021
BOSTON, MA - MARCH 19: Boston Public Schools employee Giscar Centeio holds two laptops as he does a dry run going door to door handing out Acer chromebooks to students in Boston on March 19, 2020. Students have to do classwork from home now that all Massachusetts schools have closed to stop the spread of coronavirus. (Photo by Jessica Rinaldi/The Boston Globe via Getty Images)

The REvil ransomware gang is demanding $50 million from Taiwanese computer manufacturer Acer, according to Bleeping Computer, The Record and other sources, and it may have exploited a Microsoft Exchange vulnerability to gain entry into the company's network. That's one of the largest — if not the largest — ransomware demands to date, likely made because Acer is a massive corporation that reported almost $3 billion in earnings for the fourth quarter of 2020.

The group, which was also behind the $6 million ransomware attack on Travelex last year, announced on a dark web portal earlier this week that it had breached Acer, posting some images as proof. It's apparently giving the company until March 28th to pay up before leaking the stolen data on the web. In a conversation between REvil and an Acer rep that Bleeping Computer saw, the hackers offered the company a 20 percent discount if payment was made this past Wednesday.

When asked about the situation, Acer wouldn't admit that it was a ransomware attack, only telling Bleeping Computer in a statement that it has "reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries." It was Advanced Intel's Andariel cyberintelligence platform that tied the security breach to a Microsoft Exchange vulnerability. If you'll recall, Microsoft recently released patches for four Exchange vulnerabilities that bad actors have been exploiting. It's believed that a Chinese state-sponsored group was behind most of the attacks involving the Exchange flaws, but other groups may have also taken advantage.
