Saturday, December 2, 2023

Acer Stung By Ransomware Attack

Any company is vulnerable to a ransomware attack so long as the hackers know what they’re doing, but there are some types of businesses you expect to be better prepared for such an attack than others. A big-name computer company, for example, should be able to head off such an attack with virtual ease. Failing to do so would be a public relations disaster. Suppose a well-known, big-brand computer company were to suffer a ransomware attack. In that case, it might as well advertise to its customers that it isn’t capable of safeguarding its software or equipment. It would be the ultimate nightmare scenario for a tech company – and Acer is living through that nightmare right now.

We’re writing this article in the immediate aftermath of the news breaking about the attack, so the scale of the problem isn’t clear. Some sources claim that the ransom that the attackers are looking for is a cool one hundred million dollars. Others say that the ransom is “only” fifty million. In either event, it’s a sum that Acer can’t pay without suffering severe financial consequences, and it’s far from clear that they’d get their systems back even if they were to pay. Initial reporting says that this is the same group of ransomware attackers, known as “REvil,” that went after Travelex in 2020. Ultimately, Travelex paid $2.3m to regain control over its systems and files. That turned out to be the least of the company’s problems, but the hackers are at least believed to have kept their word. The figure being asked of Acer is far higher, and as a tech firm, they shouldn’t have found themselves in this position in the first place.

Some of you are probably wondering why a ransomware group would go after such an unlikely target in the first place. There are richer companies out there, and most of those richer companies theoretically ought to have less robust security protocols. That’s misunderstanding the fundamental point of such an attack, though. To the people who perpetrate ransomware attacks, the whole process is like playing online slots with very high stakes. You don’t know whether or not you’re going to win anything when you first log in to an online slots website, but you do know that you definitely won’t win anything if you don’t try. Each spin of the reels comes at a cost, but it’s a chance of a win. A ransomware attack is a spin of the reels. Some attacks will work, and some won’t. Some companies will pay up, and some will lose. The principles are exactly the same as those of an online slots website, but the rewards are far higher when an attack is successful.

There’s also a growing trend for malicious hackers to see ransomware as the best opportunity to make money from their dubious profession. Improvements to security software and programming, along with a greater awareness among the general public that they shouldn’t open file attachments from unknown senders or visit “unsafe” websites, have made old-school hacking harder and less profitable. However, ransomware attacks can lock up whole networks in an instant and offer technicians no means of repairing the damage. Without the encryption key, there’s no hope, and so there’s more of a compulsion to pay. The tone was set when the WannaCry attack on the United Kingdom’s National Health Service in 2017 raked in over $100m, and attacks have only become more sophisticated since then. On that occasion, it was North Korean hackers who were responsible – albeit North Korean hackers using an exploit developed in the United States of America by the NSA.

Reports about the attack on Acer first emerged, which offers a little more detail on the incident. According to them, it’s likely that the attack was launched via a weakness in Microsoft Exchange. If so, that might imply that Acer has been slow to apply security patches. Microsoft has launched several vulnerability fixes for issues in Exchange within the past month, but the Taiwanese firm appears to have fallen victim anyway. The hackers have given Acer up to March 28th to pay the ransom, or all of the stolen data will be published online. The nature of the data that the hackers have gained access to isn’t currently known but is likely to include company-sensitive data. It might include financial data or perhaps information on forthcoming products and services.

As we mentioned at the start of the article, it would be a PR disaster for Acer if they openly admitted that they’d fallen victim to a cyber assault of any kind. That might explain the vague wording of the statements they’ve released thus far, which fail to specifically confirm that any such attack has taken place. Disregarding the direct questions put to the company by several publications, Acer has said that it is “constantly under attack” and has “reported recent abnormal situations to the relevant authorities.” Reading between the lines, that would appear to confirm that something has happened, but Acer isn’t especially keen on the rest of the world finding out what that “something” might be. We shouldn’t discount the possibility that “REvil” is bluffing, but they weren’t bluffing when they attacked Travelex, and there would be no apparent reason for them to start doing so now.

A further update released from Acer as we were in the process of writing this article states that the company won’t be making any further comment because the matter is now an “ongoing investigation.”

Acer is currently believed to control around sixty billion dollars in assets, but it isn’t immediately clear how much of that is liquid cash. There’s no doubt that they could pay the ransom if they wanted to, but not without cutting budgets elsewhere in order to do so. It’s also not immediately clear whether they could make a claim in any insurance policy to cover the cost. If a human error was determined to be the root cause of the problem – human error like, for example, not keeping up to date with security patches – it’s unlikely they’d qualify for a payout. In the meantime, though, the company will be wholly or partially paralyzed while its computers are locked up. Paying the ransom probably isn’t the right thing to do from a moral perspective, but it might be the best option from a practical one.

