March 22, 2021
Hardware Manufacturer Acer Hit with REvil Ransomware; $50 Million Ransom
Taiwanese electronics maker Acer has been hit by a REvil ransomware attack with a hefty ransom demand of $50 million – the largest known ransom to date. The news came to light after the party responsible for the attack announced it on their data leak site and shared screenshots of stolen files to prove it.
Acer isn't the only massive technology manufacturer to be impacted by ransomware this week. Days after the attack on Acer, Sierra Wireless, a global manufacturer of wireless equipment, halted production in their factories after a ransomware attack. While fewer details are known about this attack at this time, Sierra Wireless's IT network was encrypted and manufacturing sites shut down, impacting customer orders. An expected resolution timeline is currently unknown.
Connection to Microsoft Exchange exploitation a possibility
According to BleepingComputer, Advanced Intel's Andariel cyber intelligence platform detected that the REvil gang recently targeted a Microsoft Exchange server on Acer's domain, following the mass exploitation of Exchange vulnerabilities earlier this month.
If the ransomware gang responsible for the attack on Acer used the Microsoft Exchange vulnerability, it would be the first use of this attack vector by a large ransomware gang.
How businesses can prevent ransomware
This attack shows that the size of a business does not make it immune to the risks posed by the current cybersecurity landscape. If you’re a managed service provider (MSP) and your clients think they’re immune to ransomware, this may help them understand the risk – no business is safe.
“In our conversations with our partners, we often hear that small and medium businesses (SMBs) do not feel that ransomware will impact them as their data is not that important or sensitive enough to attack. The problem with that thinking is that attackers are really counting on your data being important to you,” said Ryan Weeks, CISO at Datto. “No business is safe from this cyber risk. There are ways to prevent an attack, but nothing is foolproof, especially as attacks become more sophisticated and tactics evolve. The recent attack on Acer proves that even the most mature, technologically-savvy organisations can fall victim, as can the legal firm, coffee shop, or non-profit on Main Street.”
To prevent ransomware, businesses can take several steps to harden their security infrastructure and identify gaps and vulnerabilities before they’re capitalised on.
- Ensure antivirus is installed on all machines. A critical tool for all businesses, antivirus is the first step in defending against an attack. While it should not be the only preventative measure, it is an essential one.
- Patch vulnerabilities immediately. Microsoft’s incident began with an unpatched vulnerability, as did the infamous WannaCry incident that jumpstarted the rise in ransomware over the last four years. The importance of patching vulnerabilities cannot be overstated.
- Ransomware detection. Many technologies offer ransomware detection capabilities that can alert businesses to an attack before it spreads or files are encrypted. If you’re a small or medium business (SMB), work with a managed service provider (MSP) or managed security service provider (MSSP) to see what solutions they can implement to detect ransomware on your network.
- Have a comprehensive data protection plan in place. Businesses of all sizes, across all industries, need to ensure their data is protected in the event of an attack. In addition to the precautions above, it’s important to prepare for the aftermath of an attack as well. Ensure data is regularly backed up in a secure location that you can access in the event of an attack.
SaaS Protection for SMBs
Datto SaaS Protection offers MSPs a way to protect their clients’ cloud data and ensure it’s accessible in the wake of a ransomware attack or other data-loss event. SaaS Protection provides simple, automated, and secure backups three times every day, stored independently from your SaaS provider’s infrastructure, with unlimited storage and infinite retention.