Ransom Requested: $50 Million
REvil claimed in March that they had broken into and stolen unencrypted data from Taiwanese PC giant Acer. On their public leak site, the notorious ransomware group posted alleged images from Acer’s financial spreadsheets, bank balances, and bank communications. Acer wouldn’t comment on if it was hit by ransomware, the amount of ransom demanded, or if its Microsoft Exchange servers were struck.
In a conversation that started March 14, the attackers offered Acer a 20 percent discount if payment was made by March 17. In return, the REvil affiliate said they’d provide a decryptor, a vulnerability report, and the deletion of stolen files. But no payment was received, so the REvil affiliate behind the Acer attack demanded a $50 million ransom on March 19.
REvil also reportedly targeted a Microsoft Exchange server on Acer’s domain, according to Advanced Intelligence CEO Vitali Kremez. That represented an escalation in the massive campaign against Microsoft Exchange servers, which first came into the public eye March 3 when the Redmond, Wash.-based software giant disclosed four vulnerabilities in on-premises versions of Exchange.