Acer hit by apparent attack from REvil ransomware group

Acer has been hit by an apparent cyber attack, according to a post on ransomware group REvil’s dark web site.

The post and alleged leak were published Thursday on REvil’s dark web leak site, titled “Happy Blog.” The post, which SearchSecurity independently viewed, contained a long list of purported financial data from the Taiwanese computer vendor. It is unclear whether REvil threat actors deployed ransomware in Acer’s network or simply stole company data.

SearchSecurity contacted Acer Thursday to inform the company of the post and requested comment on the alleged attack. Acer responded with a statement Friday morning.

“Acer routinely screens its IT devices, and most cyberattacks are very well defensed. Businesses like us are continuously under attack, and we have reported the latest irregular cases noticed to the appropriate law enforcement and data protection authorities in several nations,” the statement read. “We have been consistently improving our cybersecurity infrastructure to protect business continuity and our data integrity. We urge all companies and organizations to adhere to cyber security disciplines and best practices, and be vigilant to any network activity abnormalities.”

UPDATE: A REvil ransomware sample on malware analysis site Hatching Triage was discovered Friday by TechTarget sister publication LeMagIT; the sample contained a link to a REvil ransom demand for $50 million in Monero (213,151 XMR as of publishing).

SearchSecurity independently viewed the ransom demand link included in the malware sample. Along with the demand was a “chat help” tab that contained an apparent chat window between threat actors and a negotiator working on behalf of an unnamed victim. As proof of the breach, the threat actors provided some data, including a link to the Happy Blog post that contained Acer data.

Threat actors demanded a ransom of $50 million from Acer.

The negotiator appeared surprised by the large demand and tried to get the threat actors to lower it, but the threat actors abruptly broke off negotiations in apparent irritation. The site showed a remaining time of about 8 days, 18 hours, at which point the Monero price would double to $100 million.

Threat detection vendor Emsisoft notified SearchSecurity of the post on REvil’s Happy Blog. Emsisoft threat analyst Brett Callow said in an email that threat actors are getting better at hitting large targets.

“Though most ransomware victims are still small businesses, threat actors have become increasingly adept at penetrating the networks of much larger enterprises. And, of course, that means larger ransoms, which in turn means the criminals are better resourced and more incentivized than ever before,” he wrote. “And, of course, data theft has become increasingly commonplace too, with more than 1,300 companies having their data stolen and posted online in 2020.”

REvil, also known as Sodinokibi, was first identified by Cisco Talos in 2019 and has maintained a high level of activity in the years since.

Alexander Culafi is a writer, journalist and podcaster based in Boston.