Taiwanese hardware company Acer has been hit by a ransomware attack, with attackers demanding it cough up $64 million in cryptocurrency to have files decrypted.
The 'REvil' ransomware gang posted a sample of data from the attack to its leak site last week showing information about corporate customers including names, addresses, and bank account numbers.
In a statement, Acer avoided directly stating it had been victimised by the infamous cyber criminals, saying it "routinely monitors its IT systems".
"Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries," Acer said.
"We have been continuously enhancing our cyber security infrastructure to protect business continuity and our information integrity.
"We urge all companies and organisations to adhere to cyber security disciplines and best practices, and be vigilant to any network activity abnormalities."
Acer data appearing on the REvil dark web blog. Image: Supplied
French tech news site LeMagIT accessed a sample of the malware including the ransom note demanding Acer pay over 200,000 Monero – equivalent to around $64 million.
If Acer does not pay up by March 28, REvil says it will double the ransom amount.
James Bergl, regional VP of sales for Cyber firm Datto, said the attack on Acer shows how household names can get caught out by cyber security threats.
"If high profile brands can get attacked, it can happen to anyone — business of all sizes are at risk," he said.
"It’s important for organisations to know they don’t need to do this by themselves.
"Organisations must continue to adapt, be agile and responsive and get support from security specialists who can carry out independent security and vulnerability assessments and implement appropriate security measures as and when required."
REvil is a ransomware-as-a-service group that hires affiliates to distribute the malware and extort companies.
The ransomware developers keep the malware updated and use ID numbers to track the success rates of its hired affiliates which chief scientist at cyber McAfee said helps keep developers "at arms-length when infecting organisations”.
The ransom note demanding Acer pay US$50 million in privacy coin Monero. Image: LeMagIT
REvil was behind the attack on currency exchange company Travelex last year.
Cyber security researcher Vitali Kremez told Bleeping Computer that a threat intelligence portal had detected REvil targeting a Microsoft Exchange Server used by Acer in early March.
A new strain of ransomware was recently discovered that leverages Microsoft Exchange Server vulnerabilities.
Since its successful attack on Acer, REvil has hit US utilities technology company Milsoft. Screenshots posted on its leak site show the ransomware gang has gained remote access to Milsoft machines which could be indicative of a successful attack using the Microsoft Exchange Server vulnerabilities.
The gang showed it also had access to the Milsoft's IT admin's account for password manager LastPass.