Acer has purportedly become the victim of a massive ransomware attack, in which hackers are asking for $50 million to release the company’s stolen data, Bleeping Computer reported on Friday. Nonetheless, the company has not publicly confirmed the attack, vaguely stating that, “companies like us are constantly under attack.”
According to Bleeping Computer, the attack was carried out by the REvil hacker group, which announced on its data leak site that it had breached Acer. As proof, the group shared images of the alleged files they had stolen, which include financial spreadsheets, bank balances, and bank communications. If true, this would be the largest attempted ransom ever demanded. In 2020, the highest attempted ransom to date was $30 million, ZDNet reported.
REvil is the same group linked to the Travelex attack in 2020. Reports from that time stated the group had asked for a $6 million ransom. In the end, the company supposedly paid the REvil group roughly $2.3 million worth of bitcoin.
Gizmodo reached out to Acer to confirm the report and ask for comment. The company did not acknowledge whether it had been the victim of an attack. It did acknowledge that it had reported recent “abnormal situations” to authorities.
“Acer routinely monitors its IT systems, and most cyberattacks are well defensed. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries,” Acer said. “We have been continuously enhancing our cybersecurity infrastructure to protect business continuity and our information integrity.”
Acer added that it urged companies and organizations to adhere to cybersecurity best practices and to “be vigilant to any network activity abnormalities.”
Bleeping Computer reported that it, as well as the French outlet LeMagIT, discovered the ransomware sample REvil used in the Acer attack. The outlet also analyzed the ransom note and the victim’s conversation with the hackers, which Bleeping Computer says confirm the attack was on Acer. Hackers have reportedly given Acer until March 28 to pay the ransom.
Some experts told the outlet that the breach could be related to a Microsoft Exchange server on Acer’s domain, which the REvil hackers recently targeted. It’s not clear whether the hackers exploited the Microsoft Exchange security vulnerabilities revealed earlier this month, which early estimates state have compromised around 30,000 U.S. organizations.
Nonetheless, the number of entities compromised worldwide could be much larger, with some reports stating that there are at least 60,000 known victims around the globe.