Hardware vendor Acer has reportedly been the target of a ransomware attack by the group known as REvil, which is demanding $50 million to decrypt the locked data.
According to Bleeping Computer, Acer has until March 28 to pay the ransom, at which point the price will double to $100 million.
The attack possibly stemmed from a Microsoft Exchange exploit: Vitali Kremez, CEO of cybersecurity firm Advanced Intelligence, allegedly told Bleeping Computer that the company's Andariel cyber intelligence platform identified that the attacking group had targeted a Microsoft Exchange server on an Acer domain.
In addition, the attacking group allegedly contacted an Acer representative on March 14, Bleeping Computer claimed, and offered a 20 percent discount if payment was made before the following Wednesday, promising to remove the stolen files, as well as provide a decryptor and a vulnerability report.
If the attack did indeed come about via an Exchange exploit, it follows Microsoft's claims in early March that China-based state actor Hafnium was abusing a number of vulnerabilities in on-premises versions of the software, which include CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065.
According to Microsoft, the recent chain of Exchange attacks begins with an actor gaining access to an Exchange server, either with stolen passwords or with the vulnerabilities, to appear as someone with the proper access.
The actor then creates a web shell to control the compromised server remotely. It then uses that access, via private US-based servers, to steal data.
In response to the vulnerabilities in Exchange, Microsoft has released several patches and scripts to mitigate them.
REvil also allegedly warned Acer “not to repeat SolarWind’s fate,” claimed Bleeping Computer, potentially referring to attacks that compromised SolarWinds infrastructure and its Orion platform in December 2020.
Acer has been contacted for more details.