Acer, one of the world’s leading manufacturers of computers has been targeted by a $50m ransomware attack, with hackers demanding what is one of the largest ransoms ever requested.
Hackers have published images of spreadsheets purporting to belong to the Taiwanese electronics manufacturer, with bank balances and sensitive financial information included.
Acer has around 7,000 employees on its books, and reported $7.8 billion worth of earnings in 2019.
Acer was targeted by the REvil ransomware variant of the malicious software, that encrypts an organisation’s data, leaving it unusable until a ransom is paid.
In this case, hackers are demanding a record-setting $50 million ransom to be paid by Acer in order to restore access to their files, and ensure deletion of the files by the hackers.
This $50 million ransom figure is the largest ransom ever recorded by a ransomware group, surpassing the $30 million demanded by hackers in the Dairy Farm cyberattack that was launched by the same REvil ransomware cybercriminal gang.
News of the ransomware attack first came from BleepingComputer, who says that after finding the sample documents listed by hackers, the authors “can confirm that based on the ransom note and the victim’s conversations with the attackers, the sample is from the cyberattack on Acer.”
That report states that a member of Acer’s team “showed shock at the massive $50 million demand,” and that “later in the chat, the REvil representative shared a link to the Acer data leak page, which was secret at the time.”
At one point in their conversation, a member of the REvil ransomware gang warned that if Acer refused to pay the ransom, the company risked repeating “the fate of the SolarWind” attack.
The hackers reportedly offered Acer a 20% discount if the ransom was paid by Wednesday last week, where REvil would provide a decrypting tool, vulnerability report and delete their stolen files.
BleepingComputer got in contact with Acer to confirm whether or not the company had been hit by the ransomware attack, to which the company provided a vague response that involved reporting “recent abnormal situations” to law enforcement and data protection authorities.
The company says that “Acer routinely monitors its IT systems, and most cyberattacks are well defensed. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.”
“We have been continuously enhancing our cybersecurity infrastructure to protect business continuity and our information integrity,” Acer added. “We urge all companies and organisations to adhere to cyber security disciplines and best practices, and be vigilant to any network activity abnormalities.”
When pressed for specific details on the ransomware attack, Acer said that “there is an ongoing investigation and for the sake of security, we are unable to comment on details.”