Ransomware gang demands $50 million from computer maker Acer

Taiwanese computer maker Acer suffered a ransomware attack over the past weekend at the hands of the REvil ransomware gang, which is now demanding a whopping $50 million ransom payment to decrypt the company's computers and not leak its data on the dark web.

The attack has not disrupted production systems but only hit the company's back-office network. The security breach was not deemed disruptive enough to prevent or delay the computer maker from announcing its Q4 2020 financial results on Wednesday.

Acer spokespersons played down the incident when reached for comment and avoided confirming it as a ransomware incident.

The Record initially reached out for comment after the company's name was listed on a dark web portal earlier this week, where the REvil ransomware group usually leaks files from companies that don't pay extortion fees.

But the REvil gang had not yet leaked Acer files. Instead, it only shared some screenshots of internal documents as a warning shot for the computer maker's management team and to force a ransom payment.

Image: The Record

With the help of Marcelo Rivero, a malware intelligence analyst at Malwarebytes, The Record was able to track down the other dark web portal operated by the REvil gang — where victims are redirected for ransom payment negotiations.

Here the ransom demand was clearly visible: a whopping $50 million payment request, which represents the highest ransom demand ever made by a ransomware group.

Image: The Record

This page also granted us access to the online chat that the REvil gang was using to communicate with Acer representatives, which showed that current negotiations had reached a dead end.


Image: The Record

Acer is the sixth-largest personal computer maker in the world, with a market share of roughly 6% of all global sales. The company reported a total revenue of roughly $3 billion in Q4 2020, hence the record-breaking ransom demand.

Subsequent phone calls to an Acer representative were not returned.

Earlier this week, Unknown, the public-facing persona of the REvil ransomware group, granted The Record an exclusive interview regarding the REvil operation.


Catalin Cimpanu is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.