The REvil/Sodinokibi ransomware group has reportedly targeted computer manufacturer Acer with a $50 million ransomware attack — and its ransom demand may grow, investigators say.
News of the double-extortion ransomware campaign surfaced late last week, when attackers claimed on their data leak website to have breached Acer, Bleeping Computer reported. At the time, attackers published some reportedly stolen files as evidence of a successful intrusion. The documents included bank balances, financial spreadsheets, and financial communications.
Further investigation by LeMagIT and SearchSecurity revealed a ransom demand of $50 million. The former reports that attackers offered Acer a 20% discount on their initial ransom demand if it was paid by March 17, and the company reportedly offered $10 million. As of March 22, the attackers have given Acer a new payment deadline of March 28 or they'll double the demand.
When contacted for a comment on the attack, Acer responded with the following statement to ComputerWeekly: "Acer routinely monitors its IT systems, and most cyber attacks are well defenced. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries."
REvil is known for its high ransomware demands, notes Ivan Righi, cyber-threat intelligence analyst at Digital Shadows, though it's unknown if any previous victims have paid up in full.
"The large demand suggests that REvil likely exfiltrated information that is highly confidential, or information that could be used to launch cyberattacks on Acer's customers," he says.
Read more details here.