Even tech companies are a luring target for cybercriminals. Recently, a global high-ranking computer company Acer found snaps of its data at a shaming leak site of REvil ransomware. According to the available information, the digital burglars are demanding the topmost sum of a ransom ever seen – 50 million dollars.
Despite Acer has been avoiding explicit confirmation, the criminals tried to prove success by publishing screenshots of their loot. Stolen data allegedly include the company’s sensitive documents like financial spreadsheets, bank documents and communications.
LIFARS Managed Threat Hunting and Response Service (MTH&R) was designed to help to uncover adversaries across your Endpoint, Network and SIEM data. Our elite team has decades of experience responding and hunting for adversaries from 100’s of attacks, including Ransomware and APT’s.
A third-party analysis also discovered the hackers’ negotiation with the victim since the middle-March. Initially, the attackers should have “venerably” offered the company an early-bird discount. Now they are threatening to double the price unless the company pays the ransom by the end of the week.
Tor site demanding payment addressed to Acer
As noted by the Acer itself, businesses continuously face self-enriching threat actors. The case again underlines the need to deploy active monitoring tools to IT systems. Thanks to that, the Taiwanese tech giant said to have detected suspicious activities and responded by appropriate security measures.
Along the way, experts speculate that the attack relates to the Microsoft Exchange hack. Cyber intelligence researchers tracked REvil’s latest attempt to exploit the possible critical vulnerabilities in Acer’s on-premises server domain.
The Usual Suspects
REvil or Sodinokibi is a prototype of a double extortion ransomware model, where data encryption is accompanied by threats about their circulation. One of the group’s members publicly stated that under such pressure every third victim is willing to pay – despite the consensual advice saying not to.
The famous Russian gang is clearly profit-motivated and not ashamed to request shocking ransoms. Since last year, it held the recognizable lead in the ransom demands with the attack on a NY-based law firm. In the event of non-payment of 42 million dollars, REvil intended to disclose celebrity legal documents.
To speed-up its gainful activities, the hackers are involved in Ransomware-as-a-Service (RaaS) crime schemes, providing malware to dirty intermediaries. Experts believe that their annual profit reaches 100 million dollars. However, they made a notorious claim on aiming ten times higher.
In unfortunate need to encounter REvil or any similar attacker, LIFARS experts are ready to give you a hand. Our DFIR Team has its successful experience with the threat actor. To learn more, download our REvil Sodinokibi Ransomware Case Study Technical Guide.