Security News > 2021 > March > REvil continues ransomware attack streak with takeover of laptop maker Acer

Acer sent out the same statement to multiple news outlets, refusing to confirm or deny the attack and only saying companies like it "Are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries."

Bleeping Computer also reported that there are some indications showing the people behind REvil used a Microsoft Exchange server on Acer's domain, potentially making it one of the first times a ransomware group leveraged a heavily publicized vulnerability to complete an attack.

"The WannaCry ransomware from 2017 utilized the EternalBlue exploit and took only a few months before a massive attack occurred. With this attack, it took just weeks."

Targeted ransomware actors like REvil will see this as a particular boon as the many bespoke steps of an attack-infiltration, reconnaissance, gaining access to valuable data-can be short-circuited with a direct attack on an organization's Exchange Server, Tavakoli explained.

Ivan Righi, cyber threat intelligence analyst at Digital Shadows, said the REvil ransomware group is known for its high ransom demands and referenced a recent attack in February where the group demanded $30 million ransom from Dairy Farm, a pan-Asian retailer.

"The name of the game in ransomware is finding easy entry points, and that is what the Exchange vulnerability presented. The third consideration is that cyber criminals have been investing their time in supply chain and developer tool attacks, which has reduced the focus on ransomware attacks since they are now playing the 'long game,'" Hoffman said.

News URL

https://www.techrepublic.com/article/revil-continues-ransomware-attack-streak-with-takeover-of-laptop-maker-acer/#ftag=RSS56d97e7