Computer manufacturer Acer is facing a challenging task this week.
The REvil cybercrime group has made a $50 million ransomware demand against the company, reportedly the largest known ransomware demand ever made.
Acer is a Taiwanese multinational hardware and electronics manufacturer, with a market share of roughly 6% of all global sales. In the fourth quarter of 2020, the company reported revenue of about $3 billion, which could explain why it is now facing such a steep extortion price.
Acer responds to ransomware situation
REvil is demanding the ransom payment in cryptocurrency to decrypt the company's network and not leak its data on the Dark Web.
The ransomware attack has not disrupted production systems and did not delay the release of the company's Q4-2020 financial results last week.
At the beginning of the incident, Acer offered $10 million as payment. REvil responded by offering Acer a 20% discount if it made the payment by March 17. Acer now has until March 28 to pay the $50 million or the ransomware demand will double to $100 million.
Here is what Acer said in a statement regarding the situation:
"Acer routinely monitors its IT systems, and most cyber attacks are well defensed.
Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.
We have been continuously enhancing our cyber security infrastructure to protect business continuity and our information integrity. We urge all companies and organizations to adhere to cyber security disciplines and best practices, and be vigilant to any network activity abnormalities."
An investigation from BleepingComputer has revealed the REvil gang may have successfully weaponized the Microsoft Exchange ProxyLogon vulnerabilities in order to gain access to Acer's network.
A few cases of a new ransomware strain, DearCry, have been observed taking place via ProxyLogon. This incident with Acer would be the first public disclosure of a major ransomware operation exploiting the vulnerabilities, which leave on-premises Microsoft Exchange Servers open to takeover.