Connect with us

Press Release

Ransomware assault costs $50 million on computer giant Acer

Published

on

Ransomware assault costs $50 million on computer giant Acer

Revil ransomware has attacked computer company Acer, and the threat actors are requesting the $50,000,000,000 ransom, which is the highest known ransom to date.

Acer is a well-known Taiwanese manufacturer of computers, electronics, and monitors. About 7,000 people work for Acer, which had revenue of $7.8 billion in 2019.

The ransomware gang said yesterday that they have infiltrated Acer and posted some screenshots of purportedly stolen files as evidence on their data leak website.

These documents, which contain financial spreadsheets, bank balances, and bank correspondence, were exposed through the use of leaked photos.

In response to BleepingComputer’s queries, Acer said that they “reported recent odd situations” to pertinent LEAs and DPAs but did not give a clear statement as to whether they had been the victim of a REvil ransomware assault.

Below is a link to their full response:

“Acer regularly checks its IT infrastructure, and the majority of hacks are successfully thwarted. Companies like ours are frequently targeted, and we have recently witnessed strange circumstances that we have notified to the appropriate law enforcement and data protection agencies in several different countries.”

“To ensure company continuity and information integrity, we have been steadily improving our cybersecurity infrastructure. We strongly advise all businesses and organisations to follow cyber security best practises and guidelines and to keep an eye out for any unusual network behaviour.” – Acer.

Acer responded to queries for additional information by saying “there is an ongoing investigation and for the sake of security, we are unable to comment on details.”

Known highest ransom demand
Following the release of our article, LegMagIT’s Valery Marchive found the REvil ransomware sample that was utilised in the Acer assault and demanded a huge $50 million ransom.

Soon after, BleepingComputer discovered the sample and is able to corroborate that it is from the onslaught on Acer based on the ransom message and the victim’s chat with the attackers.

Beginning on March 14th, the victim began speaking with REvil, who displayed disbelief at the victim’s enormous $50 million demand.

The REvil representative offered a link to the Acer data leak page later on in the chat, which was still under wraps at the moment.

A 20% discount was also provided by the assailants if payment was completed by this past Wednesday. The ransomware group would deliver a decryptor, a vulnerability report, and the destruction of the files they had stolen in exchange.

The REvil operation once issued a mysterious warning to Acer, telling them “not not repeat the fate of the SolarWind.”

The previous greatest known ransom was the $30 million extortion from the Dairy Farm cyberattack, which was also perpetrated by REvil. REvil’s 50 million demand is the largest known ransom to date.

Possibly exploited Microsoft Exchange
According to Vitali Kremez of BleepingComputer, the Revil gang recently targeted a Microsoft Exchange server on the Acer domain, which Advanced Intel’s Andariel cyberintelligence technology was able to identify.

Kremez told BleepingComputer that “Advanced Intel’s Andariel cyberintelligence technology noticed that one specific REvil affiliate pursued Microsoft Exchange weaponization.”

Although they are a smaller operation with fewer victims, the threat actors behind the DearCry ransomware have already deployed their ransomware via the ProxyLogon vulnerability.

If the current Microsoft Exchange flaws were utilised by REvil to steal data or encrypt devices, it would mark the first time one of the ransomware operations that targets large-scale threats used this kind of attack.

Continue Reading

Press Release

FlexBooker reports a data breach, affecting more than 3.7 million accounts.

Published

on

FlexBooker reports a data breach, affecting more than 3.7 million accounts.

In an attack just before the holidays, the accounts of over three million customers of the American appointment scheduling service FlexBooker were taken, and they are now being exchanged on hacker forums.

The same hackers are also selling databases they claim to be from two other organisations: the Australian case management system rediCASE and the racing media outlet Racing.com.

Holiday breaches before
A few days before Christmas, there were supposedly three breaches, and the intruder posted the information on a hacking forum.

A popular programme for booking appointments and syncing employee calendars, FlexBooker, appears to be the source of the most recent data dump.

Owners of any company that needs to plan appointments, such as accountants, barbers, doctors, mechanics, lawyers, dentists, gyms, salons, therapists, trainers, spas, and the list goes on, are among FlexBooker’s clients.

The group claiming responsibility for the attack appears to go by the name of Uawrongteam, and they published links to files and archives containing personal information, including pictures, driver’s licences, and other IDs.

The database, according to Uawrongteam, has a table with 10 million lines of client data, including everything from payment forms and charges to pictures taken for driver’s licences.

Names, emails, phone numbers, password salt, and hashed passwords are among the database’s “juicy columns,” according to the actor.

Customers of FlexBooker have received a data breach notification that confirms the attack and that data on the service’s Amazon cloud storage system was “accessed and downloaded” by the intruders.

The letter states that “our account on Amazon’s AWS servers was compromised on December 23, 2021, starting at 4:05 PM EST,” adding that the attackers did not obtain “any credit card or other payment card information.”

FlexBooker advised consumers to be on the lookout for strange or fraudulent activities, and to monitor account statements and credit reports.

For further information, the developer also directed users to a report on a distributed denial-of-service (DDoS) attack. It was then determined that some customers’ personal information had been obtained by the hackers.

The FlexBooker assault exposed email addresses, names, partial credit card information, passwords, and phone numbers for more than 3.7 million users, according to the data breach reporting service Have I Been Pwned.

Prior to FlexBooker, the threat actor known as Uawrongteam distributed links to material that was purportedly taken from Racing.com, a digital television station that broadcasts horse racing and offers news, stats, and event calendars associated with the sport.

The data from the Redbourne Gang’s rediCASE Case Management Software, which is utilised by numerous enterprises in addition to health and community agencies, looks to be another target of the same group.

Continue Reading

Press Release

Rapyd, a “fintech-as-a-service” provider, to acquire Iceland-based Valitor, which establishes in-store and on the internet payments technologies, for $100M (Omar Faridi/Crowdfund Expert).

Published

on

acquire Iceland-based Valitor

Rapyd, a “fintech-as-a-service” provider, to acquire Iceland-based Valitor, which develops in-store and online payments technologies, for $100M (Omar Faridi/Crowdfund Insider)

Omar Faridi / Crowdfund Insider:
Rapyd, a “fintech-as-a-service” provider, to acquire Iceland-based Valitor, which develops in-store and online payments technologies, for $100M  —  – Twitter- Facebook- LinkedIn- Pinterest- Reddit- HackerNews- Telegram- Weibo- Email- Print- Subscribe

Continue Reading

Press Release

A NEW GOLANG-BASED WORM HAS BEEN ACTIVELY DROPPING XMRIG CRYPTOCURRENCY MALWARE ON WINDOWS AND LINUX SERVERS SINCE EARLY DECEMBER, MINING MONERO (SERGIU GATLAN/BLEEPINGCOMPUTER)

Published

on

GOLANG-BASED WORM

A new Golang-based worm has been actively dropping XMRig cryptocurrency malware on Windows and Linux servers since early December, mining Monero  —  A newly discovered and self-spreading Golang-based malware has been actively dropping XMRig cryptocurrency miners on Windows and Linux servers since early December.

Continue Reading

Trending