Hardware vendor Acer is said to have been hit by a ransomware attack by the group called REvil, which is asking for US$50 million to decrypt the locked data.
According to Bleeping Computer, Acer has until March 28 to pay the ransom, at which time the price will double to US$100 million.
The attack may have come from exploiting Microsoft Exchange: Vitali Kremez, CEO of cyber security firm Advanced Intel, told Bleeping Computer that the company's Andariel cyber intelligence platform reported that the group appeared to have launched a targeted attack on a Microsoft Exchange server on Acer's domain.
In addition, the attacker group apparently contacted an Acer representative on March 14, Bleeping Computer said, and offered a 20 percent discount if payment was made by next Wednesday, promising to delete the stolen files as well as provide a decryptor and a vulnerability report.
If the attack actually came through an exploit of Exchange, this follows claims from Microsoft earlier in March about China-based state actor Hafnium exploiting a number of vulnerabilities in on-premises versions of the software, which include CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065.
According to Microsoft, the recent Exchange attack chain starts with an actor gaining access to an Exchange server, either with stolen passwords or by using the vulnerabilities to appear as someone with appropriate access.
Next, the actor creates a web shell to remotely control the compromised server. It then uses that access, through US-based private servers, to steal data.
In response to the Exchange campaigns, Microsoft has released a number of packages and scripts to mitigate the vulnerabilities.
REvil reportedly warned Acer “not to repeat what happened to the SolarWind”, said Bleeping Computer, which may be a reference to the attacks on SolarWinds and its Orion platform in December 2020.
ARN has contacted Acer for more information.
