Hacker Group REvil Holds $100 Million Ransom Over Acer



REvil is back at it again. The hacker group responsible for breaching a cosmetic surgery business last December has their eyes on a much bigger prize: Acer.

They’ve hit the Taiwanese hardware and electronics manufacturer with the largest ransom known to date, and they warn that it could get much larger if they don’t comply.

REvil Gives Acer ‘Options’ For Their Ransom

According to cybersecurity experts who spoke with Bleeping Computer, the hackers may have targeted a vulnerable Acer Exchange mail server. On March 2nd, Microsoft announced that its Exchange servers were compromised, which could add up to one of the largest hacks we’ve ever seen.

Acer has yet to confirm or deny that they were compromised in this way. They have yet to say much of anything other than that they’ve reported ‘recent abnormal situations’ to law enforcement.

As with most ransomware attacks, the hackers appear to have made off with sensitive corporate data for which they will now demand payment. The group posted several sensitive documents online, including bank balances, bank communications, and financial spreadsheets.

Acer
REvil shows proof of their breach. | Source: Bleeping Computer

But what’s interesting is REvil’s new ‘payment plan’ that they’ve ‘offered’ Acer. According to Forbes, Acer can pay $50 million by March 28th. If they want to pay earlier, they can get a 20% discount. And if they don’t pay by the 28th, REvil says it will double the ransom to $100 million.

REvil
Acer drops their ransom request. | Source: Bleeping Computer

$100 million would be the largest known ransom to date, by far. In fact, $50 million would be as well. The previously known record ransom was also by REvil, which demanded $30 million from Asian retail giant Dairy Farm in January.

But just because Acer could afford payment (it earned $7.8 billion in 2019) doesn’t mean it should comply.

What To Do If Hackers Hold You For Ransom

REvil is a major hacking outfit that hacks major companies, but smaller hackers target smaller businesses and even normal people like you or me.

The first rule, when threatened with a ransom, is to contact the authorities. The second general rule when you’ve been targeted is to resist paying off the hackers. Many times, once they realize that you’ll pay, they will raise the price after you’ve met their original demands.

If you run an organization that you fear may be breached, follow these practices to keep your cybersecurity healthy:

  • Back up your critical files and diversify the storage media to avoid a single point of failure (SPOF).
  • Implement the principle of least privilege for user accounts.
  • Keep the servers and endpoints up to date to make sure they use the latest security patches.
  • Follow effective network monitoring practices.
  • Keep tabs on event logs to identify anomalous behavior before it causes harm.
  • Leverage a combo of IP filtering, an intrusion detection system (IDS), and an intrusion prevention system (IPS).
  • Use Linux security extensions that control and restrict access to data or network resources.
  • Apply robust network segmentation and data compartmentalization to minimize the impact of a potential ransomware attack.

And if you’re worried that you’ve been hacked or want to take preventative measures, reach out to us immediately.

Featured image by askarim from Shutterstock.com