Computer giant Acer was hit by the REvil ransomware, whose operators demanded the largest ransom yet: $50 million (325 million yuan).

According to BleepingComputer, the attackers may have gained access to Acer's internal network through the Microsoft Exchange vulnerability. Because Acer has not paid the ransom, the hackers have made public some of its financial information, including financial statements, bank information and records of transactions between the company and the bank.

Acer officials have issued only a "vague" response to the incident, saying that there have been "unusual incidents" that have been dealt with urgently by international law enforcement agencies.

“An investigation is under way. For security reasons, we cannot comment on the details.”

A ransom of 325 million yuan with a 20% discount for early payment

According to BleepingComputer, after its article was published, Valery Marchive of LeMagIT found a sample of the REvil ransomware used in the Acer attack. The ransomware gang is demanding a ransom of up to $50 million.

According to the screenshot, payment before Wednesday would also have earned a 20 percent discount, and the attackers offered decryption tools, bug reports and the deletion of stolen files in return, but Acer has missed the "early bird price."

Based on the publicly available part of the sample information, the relevant media have confirmed that the sample is genuine. Acer's full response is as follows:

“Acer regularly monitors its IT systems and can effectively defend against most cyber attacks. Companies like ours are regularly targeted and we have reported the most recent anomalies to relevant law enforcement and data protection authorities in multiple countries.”

“We are constantly improving our cyber security infrastructure to protect business continuity and information integrity. We urge all companies and organizations to observe cybersecurity discipline and best practices, and to be vigilant for any unusual instances of cyber activity.”

Suspected attack against Microsoft Exchange

Vitali Kremez told BleepingComputer that Advanced Intel's Andariel Network Intelligence Platform has detected a recent attack by the REvil gang against Microsoft Exchange servers in the Acer Domain Name System.

DearCry is a new ransomware that exploits a security hole in Microsoft Exchange servers, allowing hackers, cybercriminals and spies to deploy destructive attacks or steal secrets. The threat actors behind DearCry have used the ProxyLogon vulnerability to deploy their ransomware, but they are smaller operations with fewer victims.

Orion, a US software developer, was hacked last year, affecting 33,000 of its public and private customers.

If REvil did exploit the recent Microsoft Exchange vulnerability to steal data or encrypt devices, it would be the first time that one of the ransomware operations that go after only large targets has used this route.

References:


1.
https://www.bleepingcomputer….


2,
https://hk.appledaily.com/chi…


3,
https://www.theverge.com/2021…