REvil continues ransomware attack streak with takeover of laptop maker Acer
Acer sent out the same statement to multiple news outlets, refusing to confirm or deny the attack and only saying companies like it "are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries."
Bleeping Computer also reported that there are some indications that the people behind REvil used a Microsoft Exchange server on Acer's domain, potentially making it one of the first times a ransomware group leveraged a heavily publicized vulnerability to complete an attack.
"The WannaCry ransomware from 2017 utilized the EternalBlue exploit and took only a few months before a massive attack occurred. With this attack, it took just weeks."
Targeted ransomware actors like REvil will see this as a particular boon as the many bespoke steps of an attack (infiltration, reconnaissance, gaining access to valuable data) can be short-circuited with a direct attack on an organization's Exchange Server, Tavakoli explained.
Ivan Righi, cyber threat intelligence analyst at Digital Shadows, said the REvil ransomware group is known for its high ransom demands and referenced a recent attack in February where the group demanded a $30 million ransom from Dairy Farm, a pan-Asian retailer.
"The name of the game in ransomware is finding easy entry points, and that is what the Exchange vulnerability presented. The third consideration is that cyber criminals have been investing their time in supply chain and developer tool attacks, which has reduced the focus on ransomware attacks since they are now playing the 'long game,'" Hoffman said.