Acer has been hit by an evident cyber attack, in accordance to a put up on ransomware group REvil’s darkish net internet site.
The put up and alleged leak was posted Thursday on to REvil’s darkish net leak internet site, titled “Joyful Blog site.” The submitting, which SearchSecurity independently seen, contained a extended listing of supposed money information from the Taiwanese Laptop vendor. It can be unclear no matter if REvil threat actors deployed ransomware inside Acer’s community or merely stole company details.
SearchSecurity contacted Acer Thursday to inform the company of the put up and requested comment on the alleged attack. Acer responded with a statement Friday morning.
“Acer routinely monitors its IT systems, and most cyberattacks are effectively defensed. Businesses like us are regularly below attack, and we have documented modern abnormal scenarios noticed to the related law enforcement and details safety authorities in many nations around the world,” the statement examine. “We have been continually improving our cybersecurity infrastructure to protect business enterprise continuity and our facts integrity. We urge all providers and companies to adhere to cyber safety disciplines and very best methods, and be vigilant to any community activity abnormalities.”
UPDATE: A REvil ransomware sample on malware investigation internet site Hatching Triage was identified by TechTarget sister publication LeMagIT Friday, which contained a link to a REvil ransomware desire for $fifty million in Monero (213,151 XMR as of publishing).
SearchSecurity independently seen the ransom desire link included in the malware sample. Along with the desire was a “chat assistance” tab that contained an evident chat window in between threat actors and a negotiator functioning on behalf of an unnamed sufferer. As proof of the breach, the threat actors offered some details, including a link to the Joyful Blog site put up that contained Acer details.
The negotiator appeared surprised by the significant desire and tried out to get the threat actors to decrease it, but the threat actors abruptly broke off negotiations in evident stress. The internet site had a remaining time of approximately 8 times, 18 several hours, at which point the Monero selling price would double to $one hundred million.
Threat detection vendor Emsisoft notified SearchSecurity of the submitting on REvil’s Joyful Blog site. Emsisoft threat analyst Brett Callow said in an e-mail that threat actors are getting superior at hitting large targets.
“While most ransomware victims are still smaller organizations, threat actors have turn into significantly adept at penetrating the networks of a lot much larger enterprises. And, of study course, that suggests even bigger ransoms, which in flip suggests the criminals are superior resourced and far more incentivized than ever before,” he wrote. “And, of study course, details theft has turn into rising commonplace as well with far more than one,300 companies getting their details stolen and posted on the web in 2020.”
REvil, also acknowledged as Sodinokibi, was first determined by Cisco Talos in 2019 and has preserved a considerable amount of activity in the years considering the fact that.
Alexander Culafi is a author, journalist and podcaster based mostly in Boston.