https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Master Agents
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
    • Diversity & Inclusion
  • MSSP Insider
  • MSP 501
    • Back
    • Apply Now
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • Videos
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
    • Channel Educational Series
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
    • Channel Convergence
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Content Resources
  • Awards
    • Back
    • 2021 MSP 501
    • Circle of Excellence
    • Excellence in Digital Services
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Master Agents
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
    • Diversity & Inclusion
  • MSSP Insider
  • MSP 501
    • Back
    • Apply Now
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • Videos
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
    • Channel Educational Series
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
    • Channel Convergence
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Content Resources
  • Awards
    • Back
    • 2021 MSP 501
    • Circle of Excellence
    • Excellence in Digital Services
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

MSSP Insider


Shutterstock

Ransomware message

REvil Ransomware Hits Acer, Demands Potential $100 Million Ransom

  • Written by Edward Gately
  • March 23, 2021
The attackers are threatening Acer could be the next SolarWinds.

Laptop giant Acer has been hit by a REvil ransomware attack and could face a staggering $100 million ransom if it hasn’t coughed up half of it by March 28.

The REvil ransomware attack was first reported by Bleeping Computer. On March 18, the threat actors announced on their data leak site that they had breached Acer. They shared some images of allegedly stolen files as proof.

The data allegedly exposed included client lists, payment form applications and financial documents. Acer hasn’t acknowledged the ransomware attack.

REvil Known for High Demands

Ivan Righi is cyber threat intelligence analyst at Digital Shadows. He said the malicious hackers are demanding Acer pay $50 million by March 28. If not, the ransom would double.

Digital Shadows' Ivan Righi

Digital Shadows’ Ivan Righi

“The REvil ransomware group is known for its high ransom demands, with a recent example being its $30 million ransom demanded from Dairy Farm in February,” he said. “It is not known if any of REvil’s victims have paid these exorbitant ransom demands, although it is unlikely.”

REvil likely exfiltrated information that is highly confidential, or that could be used to launch cyberattacks on Acer’s customers, Righi said.

REvil allegedly targeted Microsoft Exchange server vulnerabilities in attacks against Acer, he said.

Jeff Costlow is ExtraHop‘s CISO. He said there’s still a lot of uncertainty about the extent of the attack on Acer.

ExtraHop's Jeff Costlow

ExtraHop’s Jeff Costlow

“Not only did the REvil operation lock down files, they also clearly exfiltrated some portion of that data,” he said. “Exfiltration before encryption is becoming increasingly popular because it gives victims two reasons to pony up the ransom. They need to both regain access to their files and attempt to prevent leaks of their data.”

The Next SolarWinds?

The most disturbing part of this attack is that Acer could be the next SolarWinds, Costlow said.

“Encrypting files and exfiltrating data, even their source code, wouldn’t allow them to perpetrate a SolarWinds-style supply-chain attack,” he said. “For that, they would need to have compromised Acer’s build or update systems.”

The attackers are probably just trying to scare Acer into paying up, Costlow said. That said, the prospect of a multivector attack that involves encryption, exfiltration and exploitation is “terrifying.”

“It’s a cyberattack hat trick,” he said.

Oliver Tavakoli is Vectra‘s CTO. He said the size of the ransom request comes down to threat actors testing the market with a “fantastical opening gambit.”

“I would guess that Acer would either pay no ransom or would negotiate a much reduced amount,” he said.

NetEnrich's Brandon Hoffman

NetEnrich’s Brandon Hoffman

Brandon Hoffman is Netenrich‘s CISO. He said cybercriminals have been investing their time in supply-chain and developers tool attacks. That reduced the focus on ransomware attacks since they are now playing the “long game.”

“This presents an opportunity in itself because attackers who saw the payoff from these supply-chain attacks left a gap where ransomware operators have more available attack surface. meaning ransomware will become a bull market again,” he said.

Tags: MSPs Endpoint MSSP Insider Network

Related


  • Threats
    10 Ways to Keep Customers Safe with Threat Protection by Year's End
    Cybersecurity vendors share more advice for MSSPs and other channel partners.
  • Sophisticated hacker
    Mass Microsoft Exchange Exploitation Still Impacting Organizations
    Threat actors have a lot of options, including launching ransomware and other attacks.
  • Email Security
    Cofense's Cyberfish Acquisition Creates Email Security Solution for MSPs, MSSPs
    Both Cofense and Cyberfish are focused on email security, but have not been competitors.
  • Flaming New
    New Cybereason MSSP Program Launches in North America
    Much of the structure, resources and pricing available in the program were built based on partner guidance.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • McAfee: Software Vulnerabilities Threaten Schools Amid Return to Campuses
  • Phishing Email Warning Shows Cybercriminals Seizing on Tax Filing Delay, Vaccine Rollout
  • Threat Protection Measures Cybersecurity Vendors Fear You’re Ignoring
  • Nation-State Cyberattacks: SolarWinds, Microsoft Just the Beginning

Galleries

View all

M&A Roundup: Tech Data, RingCentral, Telarus, Datto, More

April 20, 2021

Industry Perspectives

View all

Annual MSP Benchmark Survey Reveals Remote Work Still a Top Challenge

April 20, 2021

Why Digital Transformation Is the ‘Invisible Hand’ of Our Time

April 19, 2021

SD-WAN Supports More Purposeful Shift to Cloud

April 16, 2021

Webinars

View all

What to Look For: 2021 Threat Report

April 22, 2021

Health Care and SD-WAN: A Seller’s Guide

April 27, 2021

How MSPs Can Leverage SOCaaS to Improve Security & Grow Revenue

May 4, 2021

White Papers

View all

Hacker Personas: A Deeper Look into Cybercrime

April 20, 2021

Carbonite Data Protection and Cyber Resilience

April 15, 2021

Top Tips: How Resellers Can Leverage Rackspace to Enhance Customer’s Cyber Security Protection with Microsoft 365 Security

March 30, 2021

Upcoming Events

View all

Channel Partners Conference & Expo

November 1, 2021 - November 4, 2021

MSP Summit

November 1, 2021 - November 2, 2021

Channel Evolution Europe

November 30, 2021 - December 1, 2021

Videos and Fastchats

View all

ACC’s Nancy Ridge on Gender Diversity in the Channel

5 Reasons Diversity, Equity and Inclusion Is Important

April 14, 2021

Five9 Shares Insights on Implementing a DE&I Strategy

April 13, 2021

FASTCHAT: How Fortinet Reduces Complexity Through Networking, Security

March 31, 2021

Twitter

ChannelFutures

.@AppSmartcom touted its platform at its #AppSmartUnleash event. dlvr.it/Ry5SSF https://t.co/RQdXFffe9N

April 20, 2021
ChannelFutures

.@digicert Security Summit highlights growth, innovation amid #COVID19. dlvr.it/Ry5SNP https://t.co/g1yFRHHjKa

April 20, 2021
ChannelFutures

Congrats to @CatSolazzo on her new #marketing gig at @Tech_Data. The channel knows her well from #IBM.… twitter.com/i/web/status/1…

April 20, 2021
ChannelFutures

.@OtavaLLC unveils #partnerprogram enhancements. #cloud dlvr.it/Ry4g4t https://t.co/D9dUuezdn9

April 20, 2021
ChannelFutures

#MSP business is still strong & growing @KaseyaCorp 2021 benchmark survey #digitaltransformation #remotework… twitter.com/i/web/status/1…

April 20, 2021
ChannelFutures

Our M&A roundup includes massive @Synnex-@Tech_Data merger, @McAfee's enterprise unit sale and @Telarus' acquisitio… twitter.com/i/web/status/1…

April 20, 2021
ChannelFutures

Join the Allies of the Channel Council, Xposure Inclusion & Diversity Council, and @AllianceofCW on Thursday at 2 p… twitter.com/i/web/status/1…

April 20, 2021
ChannelFutures

.@salesforce revives Data Recovery Service it retired last year as @AvePoint launches #Salesforce #CloudBackup.… twitter.com/i/web/status/1…

April 20, 2021

MSSP Insider

Business advice for MSSPs and news from the broader security channel.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X