REvil Ransomware Targets Acer's Microsoft Exchange Server: Source

The notorious ransomware gang REvil recently targeted a Microsoft Exchange server at Taiwanese PC giant Acer, according to Advanced Intelligence CEO Vitali Kremez.

Advanced Intel's Andariel cyber intelligence platform detected that a REvil affiliate had moved to weaponize Microsoft Exchange, Kremez told CRN. Data collected by Andariel on March 5 shows that the Acer Exchange server was targeted, according to a screenshot published by BleepingComputer, which first reported the news. REvil said on its leak site Thursday that it had hacked into Acer and stolen its unencrypted data.

The REvil attack would represent an escalation in the massive campaign against Microsoft Exchange servers, which first came into the public eye on March 3 when the Redmond, Wash.-based software giant disclosed four vulnerabilities in on-premises versions of Exchange. Adversaries last week began deploying DearCry ransomware on victims' systems after hacking into unpatched Exchange servers, Microsoft said.

Unlike DearCry, which BleepingComputer described as a smaller operation with fewer victims, REvil is one of the most infamous ransomware operators around, exploding onto the scene in 2019 when it carried out a devastating ransomware attack on 22 cities and counties in Texas through TSM Consulting, their MSP. Microsoft declined to comment on the BleepingComputer report.

It is possible that the REvil affiliate that went after Acer is also working with other threat actors, so other organizations may now be able to target Exchange servers, according to Brett Callow, threat analyst at New Zealand-based Emsisoft. As of last week, there were still about 80,000 older servers that could not directly apply Microsoft's security updates, Palo Alto Networks told BleepingComputer.

The REvil affiliate behind the Acer attack called for $50 million in cryptocurrency, LeMagIT said Friday afternoon. In a conversation that began on March 14, the attackers offered Acer a 20 percent discount if payment was made before last Wednesday. In return, the REvil affiliate said they would provide a decryptor, report vulnerabilities, and delete stolen files, according to BleepingComputer.

On their public leak site, REvil posted images of Acer's financial spreadsheets, bank balances, and bank communications. The $50 million demanded from Acer is the largest price tag ever to be made public, Callow said, more than the $42 million REvil demanded from renowned law firm Grubman Shire Meiselas & Sacks, which counted Nicki Minaj, Mariah Carey and LeBron James among its clients.

Acer would not comment on whether it was hit by ransomware, the amount of the ransom demanded, or whether its Microsoft Exchange servers were targeted. “Companies like us are constantly under attack, and we have recently reported unusual situations observed to law enforcement and data protection authorities in several countries,” an Acer spokesman told CRN.

REvil has built a reputation for democratizing access to its tools through an affiliate model, giving organizations around the world access to its technology, Proofpoint's EVP of cybersecurity strategy told CRN last year. The ransomware operator has gone after affiliates with little potential around network intrusion, and having more actors under the REvil umbrella has allowed the group to dramatically increase its attacks.

The group followed in the footsteps of RobinHood and Maze in December 2019 when it tried to extort organizations that did not pay the ransom by publishing victim data to a leak site, CrowdStrike SVP of Intelligence Adam Meyers told CRN in 2020.
