REvil continues ransomware attack streak with takeover of laptop maker Acer
Acer sent out the same statement to multiple news outlets, refusing to confirm or deny the attack and only saying companies like it "are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries."
Bleeping Computer also reported that there are some indications that the people behind REvil used a Microsoft Exchange server on Acer's domain, potentially making it one of the first times a ransomware group leveraged a heavily publicized vulnerability to complete an attack.
"The WannaCry ransomware from 2017 utilized the EternalBlue exploit and took only a few months before a massive attack occurred. With this attack, it took just weeks."
Targeted ransomware actors like REvil will see this as a particular boon as the many bespoke steps of an attack (infiltration, reconnaissance, gaining access to valuable data) can be short-circuited with a direct attack on an organization's Exchange Server, Tavakoli explained.
Ivan Righi, cyber threat intelligence analyst at Digital Shadows, said the REvil ransomware group is known for its high ransom demands and referenced a recent attack in February where the group demanded a $30 million ransom from Dairy Farm, a pan-Asian retailer.
"The name of the game in ransomware is finding easy entry points, and that is what the Exchange vulnerability presented. The third consideration is that cyber criminals have been investing their time in supply chain and developer tool attacks, which has reduced the focus on ransomware attacks since they are now playing the 'long game,'" Hoffman said.