Acer reportedly targeted by Ransomware Gang

PC and Device Manufacturer reveals that it was targeted by REvil

Scott Ferguson (Ferguson_Writes)
March 21, 2021

(Source: Sergi via Flickr)

Acer, one of the world’s largest manufacturers of PCs and gadgets, has reportedly been targeted by the REvil ransomware gang, aka Sodinokibi, according to numerous published reports.

On Thursday, the REvil gang leaked what it says is Acer company data to its darknet “news” site and is reportedly demanding $50 million from the Taiwanese company, according to Bleeping Computer, which first reported on the attack and which has a copy of the ransom note.

Acer has not formally confirmed that it has been attacked or that data posted to the REvil darknet site is valid. A company official told Bleeping Computer “an investigation is ongoing and for security reasons, we are unable to comment on details.”

A source gave Information Security Media Group several screenshots from the REvil darknet site that reportedly show messenger data, payment claim forms and other information the gang allegedly stole from Acer during an attack.

A screenshot of the REvil darknet site reportedly showing Acer data

An Acer spokesperson could not be immediately reached for comment, but the company released a statement: “Acer regularly monitors its IT systems, and most cyberattacks are well protected. Companies like us are constantly under attack, and we have recently reported unusual circumstances to the relevant law enforcement and data protection authorities in several countries.”

Acer is one of the world’s largest manufacturers of PCs, smartphones, gadgets and other hardware, such as desktop monitors. In the fourth quarter of 2020, it ranked fifth in PC shipments worldwide, with more than 6.5 million desktops and laptops shipped during the quarter, according to a January study published by IDC.

Extortion Demands

REvil is one of several cybercriminal organizations that use what analysts call a double-extortion approach against victims. Not only does the organization use crypto-locking malware to encrypt data and files on a victim’s network, but the cybercrooks steal that information and threaten to publish it if demands are not met. This puts extra pressure on victims to pay.

In addition to its extortion methods, REvil is known to demand multimillion-dollar payments from victims to return data and decrypt files. For example, Travelex, a London-based foreign exchange company that does business in 26 countries, including the US, paid the ransomware gang $2.3 million in 2020 to retrieve its data after an attack (see: Travelex Paid $2.3 Million to Ransomware Gang: Report).

And while REvil has demanded and received million-dollar payments, the alleged $50 million extortion attempt against Acer is highly unusual and appears to have been designed to force the company to pay at least a share of that, said Brett Callow, a threat analyst at security company Emsisoft.

“When organizations make big requests like this, I’m not sure they expect to be paid – at least not the full demand,” Callow says. “The demand is far more likely to encourage companies to raise their policy boundaries and make them feel lucky – and therefore more likely to pay – when they are hit by a ‘small’ demand of $10 million.”

Ransomware Profits

Whether it’s REvil or other ransomware groups, profits from these types of cybercrime are still going up, according to security researchers.

Earlier this month, blockchain analytics firm Chainalysis published a report that found about $370 million in known 2020 ransomware profits from ransoms paid. This is a staggering 336% increase over known 2019 earnings (see: Mark of Ransomware Success: $370 Million in 2020 Profits).

One possible reason for this rise in ransomware profits is that gangs are targeting critical infrastructure, such as government agencies and health care agencies, that have been overwhelmed by the COVID-19 outbreak, according to a study by Trend Micro.

During this time, REvil, or Sodinokibi, has been one of the most prolific ransomware groups in operation. IBM Security X-Force found that about 22% of the ransomware incidents it investigated in 2020 involved REvil, and the group apparently bragged on a Russian underground forum that it has earned $12 million in 12 months.

REvil is also known to target vulnerable remote connections to break into networks as part of its attacks. For example, when the gang targeted the famous New York law firm of Grubman Shire Meiselas and Sacks, it appeared that the cybercriminals exploited a flaw in the firm's Pulse Secure VPN server to gain a foothold (see: Hacked law firm may have obtained a secure VPN without a hack).
