Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Tag: Proxy Logon vulnerability

Tag Archives: Proxy Logon vulnerability

Home » Tag: Proxy Logon vulnerability

Computer giant Acer hit by $50 million Ransomware Attack

REvil Ransomware Targets Acer’s Microsoft Exchange Server: Source

The notorious REvil ransomware gang recently targeted a Microsoft Exchange server on Taiwanese PC giant Acer’s domain, according to Advanced Intelligence CEO Vitali Kremez.

Computer giant Acer hit by $50 million Ransomware Attack

Computer giant Acer has been hit by a REvil ransomware attack where the threat actors are demanding the largest known ransom to date, $50,000,000.

Acer is a Taiwanese electronics and computer maker well-known for laptops, desktops, and monitors. Acer employs approximately 7,000 employees and earned $7.8 billion in 2019.

Yesterday, the ransomware gang announced on their data leak site that they had breached Acer and shared some images of allegedly stolen files as proof.

These leaked images are for documents that include financial spreadsheets, bank balances, and bank communications.

Acer did not provide a clear answer regarding whether they suffered a REvil ransomware attack, saying instead that they “reported recent abnormal situations” to relevant LEAs and DPAs.

You can read their complete response below:

“Acer routinely monitors its IT systems, and most cyberattacks are well defensed. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.”

“We have been continuously enhancing our cybersecurity infrastructure to protect business continuity and our information integrity. We urge all companies and organizations to adhere to cyber security disciplines and best practices, and be vigilant to any network activity abnormalities.” – Acer.

In requests for further details, Acer said “there is an ongoing investigation and for the sake of security, we are unable to comment on details.”

Highest known ransom demand

After publishing our story, Valery Marchive of LegMagIT discovered the REvil ransomware sample used in the Acer attack that demanded a whopping $50 million ransom.

Soon after, BleepingComputer found the sample and can confirm that based on the ransom note and the victim’s conversation with the attackers, the sample is from the cyberattack on Acer.

In conversations between the victim and REvil, which started on March 14th, the Acer representative showed shock at the massive $50 million demand.

Later in the chat, the REvil representative shared a link to the Acer data leak page, which was secret at the time.

The attackers also offered a 20% discount if payment was made by this past Wednesday. In return the ransomware gang would provide a decryptor, a vulnerability report, and the deletion of stolen files.

At one point, the REvil operation offered a cryptic warning to Acer “to not repeat the fate of the SolarWind.”

REvil’s 50 million demand is the largest known ransom to date, with the previous being the $30 million ransom from the Dairy Farm cyberattack, also by REvil.

Possible Microsoft Exchange exploitation

Vitali Kremez told BleepingComputer that Advanced Intel’s Andariel cyber intelligence platform detected that the Revil gang recently targeted a Microsoft Exchange server on Acer’s domain.

“Advanced Intel’s Andariel cyber intelligence system detected that one particular REvil affiliate pursued Microsoft Exchange weaponization,”

The threat actors behind the DearCry ransomware have already used the Proxy Logon vulnerability to deploy their ransomware but they are a smaller operation with fewer victims.

If REvil did exploit the recent Microsoft Exchange vulnerabilities to steal data or encrypt devices, it would be the first time one of the big game-hunting ransomware operations used this attack vector.

 

Read More »

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket