The REvil ransomware operation claims to have stolen unencrypted data after hacking electronics and laptop giant Acer.
Yesterday, the ransomware gang announced on their data leak site that they had breached Acer and shared some images of allegedly stolen files as proof.
These leaked images are of documents that include financial spreadsheets, bank balances, and bank communications.
In response to BleepingComputer’s inquiries, Acer did not provide a clear answer regarding whether they suffered a REvil ransomware attack, saying instead that they “reported current irregular conditions” to relevant LEAs and DPAs.
You can read their full response below:
“Acer routinely monitors its IT systems, and most cyberattacks are effectively defensed. Firms like us are always under attack, and we have reported current irregular conditions observed to the relevant law enforcement and data protection authorities in a number of nations.”
“We’ve been constantly enhancing our cybersecurity infrastructure to protect business continuity and our data integrity. We urge all firms and organizations to adhere to cyber security disciplines and best practices, and be vigilant to any network activity abnormalities.” – Acer.
In response to requests for additional details, Acer said “there’s an ongoing investigation and for the sake of security, we’re unable to comment on details.”
Possible Microsoft Exchange exploitation
Vitali Kremez told BleepingComputer that Advanced Intel’s Andariel cyberintelligence platform detected that the REvil gang recently targeted a Microsoft Exchange server on Acer’s domain.
“Advanced Intel’s Andariel cyberintelligence system detected that one particular REvil affiliate pursued Microsoft Exchange weaponization,” Kremez told BleepingComputer.
The threat actors behind the DearCry ransomware have already used the ProxyLogon vulnerability to deploy their ransomware, but they are a smaller operation with fewer victims.
If REvil did exploit the recent Microsoft Exchange vulnerabilities to steal data or encrypt devices, it would be the first time one of the big game-hunting ransomware operations used this attack vector.