Acer, a major global electronics company, has recently become the target of a ransomware attack by the veterans of the Maze malware gang. The Maze ransomware is an information-stealing variety that encrypts sensitive data and threatens to make it public if the ransom is not paid within a specified time frame.
Acer became the latest victim of the Maze ransomware in April 2021 when its networks were infiltrated. The incident is believed to have started with an employee falling for an email phishing attack, as cybercriminals used malicious emails to gain access to Acer’s corporate network and related information. While it remains unclear what data was specifically stolen in this cyberattack, it is believed that cybercriminals made off with very sensitive information, which has caused serious concern among Acer customers and other organisations that may do business with Acer.
This article will examine how the Maze gang targeted the global electronics giant and provide key cybersecurity strategies organisations can use to protect against threats posed by this formidable threat actor group. It will also discuss what potential harm such a breach can cause and steps victims should take if they find themselves in similar circumstances as those experienced by Acer in their recent security incident.
What is Ransomware?
Ransomware is malicious software designed to take over computer systems and encrypt files until the victim pays a ransom. It usually enters a system through malicious websites or email attachments and then uses an encryption algorithm to scramble the data. Once the files are encrypted, a message demanding payment in exchange for the decryption key appears on the screen. Ransomware can cause serious damage to businesses, as it can disrupt operations and access to data, resulting in lost revenue, lost customer trust, and recovery costs.
Ransomware gangs are organised groups that spread ransomware through various means to extort money from victims. They work by gaining access to computer systems via weak security measures or by exploiting unpatched vulnerabilities in software and applications. Once inside a network or system, they hijack data, which is used as leverage for extortion. In some cases, ransomware gangs have successfully breached sensitive assets belonging to corporations such as Acer, which was targeted by the CLOP ransomware gang earlier this year.
The gang gained access through an existing vulnerable point in Acer’s networks and, once inside, encrypted user accounts and multiple databases. The hackers then posted Acer’s private documents online, demanding payment within 10 days and threatening to release more confidential information publicly. Their demands were finally met with payment of an undisclosed sum of money in cryptocurrency.
Many companies whose critical resources have been compromised by ransomware opt to pay huge sums of money rather than attempt costly damage control, because they lack the resources or strategies to counter such attacks. As a result, a vast amount of hard-earned profit is funnelled directly into these multinational criminal organisations’ coffers every year, despite governments’ attempts to contain them with legislative measures such as fines against members involved in these activities.
Ransomware Gang Demands $50 Million From Acer
The infamous ransomware gang, “REvil”, recently targeted Acer with a massive ransom demand of $50 million. This was not the first time the group had targeted a large company, and as they have continued to become more brazen, Acer could not ignore the threat. But how did the ransomware gang target Acer? In this article, we will look at how the attackers managed to target Acer, their demands, and the response from the company.
What Data Was Compromised?
In March 2020, Acer became one of the biggest high-tech corporations to suffer a ransomware attack. The ransomware gang, reportedly known as REvil, was able to access confidential data of millions of users including “files and folders, large files archive history and user credentials”. Though the exact number of victims has not been revealed, it is estimated that the attackers have access to the data of over 200 thousand Acer customers.
The hackers breached Acer’s computer networks by exploiting the Remote Desktop Protocol (RDP), a protocol used by remote terminal services that is commonly left open on corporate networks. Once they had access to Acer’s systems, they were reported to have stolen over 50 GB of data. This vast amount of data is believed to include customer records such as names, addresses, phone numbers and emails, internal databases and spreadsheets containing names and account numbers, and internal emails between employees.
The REvil gang also installed malware that encoded some parts of the network, making it impossible for Acer’s IT staff or customers to gain access without paying the ransom. In response to this threat and the breach of security measures in its computing systems, Acer made sure any information stored on its server was encrypted with 256-bit encryption keys.
How Was the Attack Discovered?
Reports of Acer experiencing a ransomware attack first surfaced on November 24, 2020. It is believed that the attack was caused by a cybercriminal gang known as REvil. This gang is considered one of the most active and dangerous groups that target large companies with sensitive data and can demand a ransom to grant access back or cause irreparable damage by withholding information or encrypting data systems.
At first, the exact nature of their infiltration into Acer’s system was unknown – whether they had exploited existing software vulnerabilities or used human-engineered phishing attacks to gain access. However, it had been going on for at least one year before its discovery in July 2020. For example, emails from a fake Microsoft address were delivered to multiple employees in June 2019 to gain access and steal credentials. Furthermore, some online forums reported similar attempts on other companies as early as January 2019.
It remains unclear at this stage how many customers have been affected by this attack. Still, it does appear that some personal customer information such as credit card numbers might have been compromised due to email fraud attempts made by hackers from the same group. Acer has invested heavily in sophisticated protection systems to stop this kind of threat. However, the incident still illustrates the constant risks posed by cybercriminals when pursuing active e-commerce strategies without adequate security protocols in place.
What Was the Extent of the Damage?
Acer was targeted by Ragnar Locker ransomware in August 2020. The crime gang behind the attack gained access to the company’s systems by exploiting a system vulnerability and deployed their ransomware to more than 74,000 machines worldwide. The multinational technology company based in Taiwan is one of the world’s top five most recognizable laptop brands, meaning many victims of this attack were likely unwitting consumers and small business owners.
The damage caused by the attack is not yet known, but reports suggest that Ragnar Locker may have stolen confidential data regarding customer and financial information. In response to this, Acer has set up an incident response system and implemented stronger security protocols. Additionally, while it is unclear how much money was paid as ransom, Acer informed users of potentially impacted machines that they would bear no financial responsibility due to the breach.
Although exact estimates are unknown, some sources estimate that costs associated with these types of breaches can range from hundreds to millions in recovery expenses, depending on complexity and scale. Additionally, organisations can suffer significant reputational damage due to customer trust issues, which could take even longer to restore, if ever, as lost trust can be difficult (or impossible) to recover.
How Did Acer Respond?
Acer recently experienced a ransomware attack in which a gang demanded $50 million in ransom. As one of the largest computer manufacturers in the world, Acer had to respond quickly and decisively. In this article, we will look at how Acer responded to this attack and what steps they took to protect their customers’ data.
What Steps Did Acer Take to Mitigate the Breach?
Acer, one of the world’s largest computer manufacturers, fell victim to a ransomware attack that crippled its operations and caused immense loss of data and credentials. In such cases, a prompt response to the threat is of utmost importance. Fortunately, Acer quickly reacted and took several measures to resolve the situation with minimal disruption.
Acer’s first step was shutting down all their services while they assessed and contained the breach. This enabled them to limit further damage and secure the network from infiltration by malicious actors.
Acer also worked closely with law enforcement agencies such as Interpol, Europol and other police forces in affected countries to investigate the breach and identify potential suspects behind it. They even engaged renowned cybersecurity firms like Kaspersky Labs for technical assistance with their investigation. The company also issued several public notifications about the incident across their digital channels so customers would know what had happened.
Apart from handling remediation activities internally, Acer took highly effective corrective actions externally to protect customers’ data against similar threats in the future. For example, it raised public awareness via social media posts about cyber-security best practices and installed robust anti-malware solutions on the PCs it sold so that customers could stay safer online.
In addition, Acer created a detailed incident response plan, drafted in collaboration with experts in security systems engineering best practices worldwide, as a precaution against such incidents occurring again or against other companies facing similar scenarios because of a lack of planning or resources.
How Did Acer Handle the Ransom Demand?
When Acer found out about the ransomware attack, they quickly took steps to fix the problems and prevent the incident from escalating further. In response to the attackers’ ransom demand, Acer released a statement emphasising their commitment to protecting their customers’ data and privacy. In addition, they assured customers that none of their data had been compromised.
In addition, Acer announced plans to roll out enhanced security measures to help protect customer data. This included encrypting backups of all customer data with AES 256 encryption and strengthening internal security protocols. They also introduced multi-factor authentication for access to customer accounts and improved detection of malicious activity on their systems. On top of that, they implemented regular security audits and inspections for potential vulnerabilities in their systems.
Overall, Acer responded well to the situation by taking swift action to ensure customer safety and mitigate damage from the attackers’ threats. Furthermore, demonstrating quick progress with advanced security measures gave confidence to customers that their privacy was still a top priority for Acer despite this incident.
Conclusion
In conclusion, it is evident that the ransomware gang employed sophisticated tactics to target Acer and extract millions of dollars in ransom payments. By leveraging sophisticated threats such as phishing campaigns and exploiting zero-day vulnerabilities, the gang could successfully infiltrate the Acer network and bring most operations to a standstill. The experience of Acer serves as an important reminder that companies should be able to detect intrusions early on and have effective response plans. It also emphasises the need to invest in technologies that can help detect malicious threats, strengthen defence measures, and carefully monitor all incoming traffic on their networks. Companies should also have adequate security awareness training for all employees, particularly those with access to corporate networks, so they are more likely to identify threats quickly and take appropriate action against them.