REvil continues ransomware attack streak with takeover of laptop maker Acer
Acer sent out the same statement to multiple news outlets, refusing to confirm or deny the attack and only saying companies like it "are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries."
Bleeping Computer also reported that there are some indications showing the people behind REvil used a Microsoft Exchange server on Acer's domain, potentially making it one of the first times a ransomware group leveraged a heavily publicized vulnerability to complete an attack.
"The WannaCry ransomware from 2017 utilized the EternalBlue exploit and took only a few months before a massive attack occurred. With this attack, it took just weeks."
Targeted ransomware actors like REvil will see this as a particular boon as the many bespoke steps of an attack (infiltration, reconnaissance, gaining access to valuable data) can be short-circuited with a direct attack on an organization's Exchange Server, Tavakoli explained.
Ivan Righi, cyber threat intelligence analyst at Digital Shadows, said the REvil ransomware group is known for its high ransom demands and referenced a recent attack in February where the group demanded $30 million ransom from Dairy Farm, a pan-Asian retailer.
"The name of the game in ransomware is finding easy entry points, and that is what the Exchange vulnerability presented. The third consideration is that cyber criminals have been investing their time in supply chain and developer tool attacks, which has reduced the focus on ransomware attacks since they are now playing the 'long game,'" Hoffman said.