On March 18th, the REvil ransomware group (also referred to as Sodinokibi) posted “proof” on their leak site that they had infected Taiwanese computer giant Acer. The demand is the largest known to date at a whopping $50 million USD. Acer did not confirm the ransomware infection when contacted by BleepingComputer, acknowledging only that “recent abnormal situations” had been reported to law enforcement. Below is the full statement:
“Acer routinely monitors its IT systems, and most cyberattacks are well defensed. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.”
“We have been continuously enhancing our cybersecurity infrastructure to protect business continuity and our information integrity. We urge all companies and organizations to adhere to cyber security disciplines and best practices, and be vigilant to any network activity abnormalities.” – Acer.
Vitali Kremez has told BleepingComputer that Advanced Intel has detected a REvil affiliate targeting an Exchange server in the Acer domain, following weeks of ProxyLogon (CVE-2021-26855) attacks across the internet. However, it is currently unknown whether this was the infection vector.