Microsoft’s troubles seem to have hurt PC giant Acer. The Taiwanese computer manufacturer has reportedly been hit by a ransomware attack carrying one of the largest ransomware demands to date. According to a report in Engadget, the REvil ransomware gang is demanding $50,000,000 from Acer. The report quotes Bleeping Computer, The Record and other sources. Hackers are said to have exploited a Microsoft Exchange vulnerability to gain entry into the company’s network. It is believed to be the same group that was also behind the $6 million ransomware attack on Travelex in 2020.
The ransomware gang has announced on its website that it has access to Acer’s data. It has shared some images of allegedly stolen files as proof. These images show documents that include financial spreadsheets, bank balances and bank communication.
So far, Acer has not confirmed the ransomware demand. In a statement to Bleeping Computer, it said that it has “reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.” As for the link to the flaws recently discovered in Microsoft Exchange, it is Advanced Intel’s Andariel cyberintelligence platform that has pointed to the gang having exploited the Microsoft vulnerability.
The software giant recently released patches for four Exchange vulnerabilities that bad actors have been using to infiltrate companies and organizations across industries. A Chinese state-sponsored group called Hafnium is said to be behind these cyberattacks, as per the tech giant. Microsoft describes the group as a “highly skilled and sophisticated actor” that primarily targets entities in the United States, including law firms, educational institutions, defense contractors and NGOs.
The group reportedly used these vulnerabilities to gain entry into its targets’ accounts on Exchange Server, Microsoft’s mail and calendaring server. “It then installs a backdoor into their system so it can be accessed remotely, and then uses that remote access to steal information from its victim. Microsoft says Hafnium conducts its operations primarily from leased virtual private servers in the US despite being based in China,” as per an earlier report in Engadget.